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Security: 


Practical  advice  on  locking  down  enterprise 
networks.  Special  pullout  begins  after  PAGE 
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Fed  to  banks: 
Improve  backup 


■  BY  ELLEN  MESSMER  AND 
DENISE  PAPPALARDO 

WASHINGTON,  D.C.  —  The 
Federal  Reserve  is  spearheading 
a  drive  to  impose  strict  new  dis¬ 
aster-recovery  regulations  on 
financial  institutions  so  that  trad¬ 
ing  and  banking  operations  can 
more  quickly  rebound  from  a 
Sept.  1 1-type  catastrophic  event. 


Financial  institutions,  while  also 
eager  to  avert  a  repeat  in  any 
future  emergency,  say  they  are 
concerned  these  regulations  will 
prove  too  costly  and  difficult  to 
implement. 

“It’s  going  to  be  expensive  to  do 
what  the  Fed  is  thinking  about," 
says  Paul  Hugenberg.IT  audit  offi¬ 
cer  at  Sky  Financial  Group,  an 

See  Fed,  page  71 


Case  Western  Reserve 
University  brings 
Gigabit  Ethernet  to  A 
the  desktop  at  its 
management 
school.  JmW 


IETF  tames 


Group  pushes  compatible  instant  messaging. 


fc  fcThe  financial  services  industi^ 
needs  a  secure,  auditable 
[instant-messaging]  approach, 
but  based  on  open  standards 
as  much  as  possible.  9  9 

Mike  Sayers,  CTO,  Reuters 


■  BY  CAROLYN  DUFFY  MARSAN 

After  five  years  of  raucous  de¬ 
bate  and  stop-and-start  develop¬ 
ment,  the  Internets  premier  stan- 
dards-setting  body  is  finalizing  a 
set  of  protocols  that  will  let  com¬ 
panies  exchange  instant  mes¬ 
sages  with  business  partners  and 
customers  across  private  !P  net¬ 
works  and  the  Internet. 

Dubbed  SIMPLE,  the  Session  Ini¬ 
tiation  Protocol  (SIP)  for  Instant 
Messaging  and  Presence  Lever¬ 
aging  Extensions  is  essentially  fin¬ 
ished. The  three  main  documents 
outlining  SIMPLE  have  received 
approval  from  Internet  Engineer¬ 


ing  Task  Force  (IETF)  leaders  and 
are  awaiting  official  publication, 
which  is  expected  in  the  next 
few  weeks. 

Completion  of  SIMPLE  is  a  mile 
stone  for  corporate  users  of  in¬ 


stant-messaging  systems,  who  are 
demanding  interoperability  SIM¬ 
PLE  lets  users  of  different  instant¬ 
messaging  software  include  each 
other  on  their  buddy  lists,  detect 
See  SIMPLE,  page  72 


Users  hoping  SIP’s  the  answer 

But  concerns  remain  over  whether  VoIP  products  will  work  together. 


■  BY  PHIL  HOCHMUTH  AND 
TIM  GREENE 

John  Ridley  is  stuck  between 
the  old  world  of  circuit-switched 
telephony  and  the  new  world  of 
voice  over  IP 

How  soon  the  Coca-Cola  net¬ 
work  executive  can  move  for¬ 
ward  depends  largely  on  which 
IP  telephony  standards  key  ven- 


Third  ot  tour  parts 


dors  support  and  how  true  they 
stay  to  those  standards. 

Ridley  who  is  looking  to  replace 
a  loosely  connected  collection  of 
old  PBXs,  is  among  a  growing 
legion  of  network  executives  who 
say  products  based  on  Session 


Initiation  Protocol  (SIP)  are  the 
best  bet  for  delivering  the  true 
benefits  of  VoIP  Such  gear  could 
help  simplify  network  manage¬ 
ment  and  support  new  applica¬ 
tions,  they  say,  although  only  if  the 
products  boast  Ethernet-like 
interoperability. 

“The  problem  with  IP  telephony 
equipment  today  is  that  there  is 
See  Convergence,  page  14 


Network  management  systems: 

HP  OpenView  wins  our  enterprise  NMS  test 
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Linux  ready  with  self-managing  features  for  every  e-business. 

Intel  -based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 

UNIX4/  pSeries™ 

Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 


Midrange  /  iSeries™ 

Brings  easy-to-deploy,  plug  and 
play  e-business  to  your  business. 
Sophisticated  technology  that’s 
easy  to  manage  and  Linux  ready. 


Mainframe  /  zSeries™ 

Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for 
up  to  99.999%  uptime1  to  handle  the 
demands  of  today’s  e-businesses. 


Winning  with  ERP:  Italian  motorcycle  sensation  Aprilia  has  an  enviable  track  record.  Their  ERP  solution, 

automating  their  order-to-shipment  process,  delivers  nearly  100%  uptime.2  How?  A  high-revving  IBM  UNIX  server  high 

availability  cluster  running  AIX®3  For  an  IDG  report  on  how  growing  companies  are  using  IT  to  advance  their 

business,  go  to  ibm.com/eserver/aprilia  ^  , 

(&  business  n  -me. 


Requires  Parallel  Sysplex*’  environment  ’Excludes  scheduled  downtime  ’The  IBM  solution  included  two  IBM  UNIX  server  models  7026-M80  and  7026-H80  with  IBM  storage  model  2105-F20  and  IBM  HACMP  software.  These  server  models  are  • 
longer  available  trom  IBM  AH  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending,  among  other  thir  >gs 
on  individual  customer  configurations  and  conditions.  IBM,  the  e-business  logo,  e-business  is  the  game.  Play  to  win.  AIX.  iSeries.  pSeries.  xSeries,  zSeries  and  Parallel  Sysplex  are  trademarks  or  registered  trademarks  of  International  Business 
Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  Intel  is  a  registered  trademark  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  UNIX  is  a  registers : 
trademark  of  The  Open  Group.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  'S  2002  IBM  Corporation.  All  rights  reserved. 


J  "To  meet  ever-increasing  demand  for  our  online 
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;  ’  products  and  services,  Toyota  turned  to  Akamai 
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to  instantly  extend  the  scale ,  performance  and 

■ 

reach  of  its  infrastructure  at  a  fraction  of 
the  cost  associated  with  traditional  build-out. " 
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^-Barbra  Cooper 
:  Group  Vice  President  and  CIO 
/Jfr  Toyota  Motor  Sales,  U.S.A.,  Inc. 
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Toyota  is  driving  down 
the  cost  of  e-business. 


m. 


Akamai  Gives  Toyota  Motor  Sales  the  Competitive  Edge. 


When  Toyota  launched  a  series  of  online  marketing  initiatives  to  promote  new  vehicles,  consumer 

, 

traffic  to  its  sites  began  to  multiply.  To  meet  the  needs  of  its  growing  audiences  without  over-provisioning 
its  network,  Toyota  turned  to  Akamai.  Our  distributed  content  delivery  approach  helps  Toyota  maintain 
■  top  site  performance.  By  extending  its  infrastructure  to  the  edge — closer  to  customers — Toyota  gains 
efficient,  reliable  delivery  of  highly  interactive  information,  such  as  sales  and  marketing  campaigns, 
while  maintaining  control  and  significantly  reducing  infrastructure  costs. 
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Learn  how  your  e-business  can  benefit  from  Akamai 
— get  our  Executive  Guide  to  E-Business  Infrastructure. 


V-j.v/ 


www,akamai.com/CIOmag  1-888-340-4252 


Akamai 

The  Competitive  Edge  for  E-Business 


©  2002  Akamai  Technologies,  Inc.  All  Rights  Reserved.  Akamai  and  the  Akamai  logo  aie  registered  trademarks. 
All  other  trademarks  contained  herein  are  the  property  of  their  respective  owners. 
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News 

■  8  SilverBack  Technologies  boosts  Cisco  management  support. 

■  8  Novell  sharpens  focus  on  identification  management. 

■  10  Canadian  airline  flies  with  IBM  technology. 

■  10  Microsoft  sets  support  expiration  date. 

■  10  Williams  Communications  back  from  the  brink. 

■  12  Cape  Clear  adds  management,  security  to  Web  services. 

■  14  Providers  split  on  SIP,  H.323  support. 

■  15  Lucent,  Cisco  in  ATM/frame  relay  deal? 

■  16  Cisco  looks  to  court  smaller  customers. 

■  16  F5  Networks  fortifies  application  management  wares. 


Infrastructure 

■  17  University  goes  gaga  over 
Gigabit. 

■  17  Start-up  secures  stored  net¬ 
work  data. 

■  17  McData  adds  switch  for 
workgroup  storage. 

■  18  Intel  puts  security  on  net¬ 
work  chip. 

■  22  Dave  Kearns:  The 

Microsoft  Exchange  Conference 
evolution. 

Enterprise 

Applications 

■  25  Slow  growth:  Just  one  Oracle 
challenge. 

■  25  Secure  e-mail  on  tap  from 
Tumbleweed. 

■  28  Portal  vendors  ease  remote 
access  security. 

■  28  Scott  Bradner:  All  the 

news  fit  to  find. 

Service  Providers 

■  31  Dueling  lawsuits  concern 
content  delivery  network  users. 

■  32  Sprint  pushing  managed 
voice  over  IP. 

■  32  Johna  Till  Johnson: 

Multi-protocol  Label  Switching  shows 
signs  of  really  taking  flight. 

■  34  Special  Focus: 

AT&T:  The  reorganization  continues. 


The  Edge 

■  37  Session  control  paves  way 
for  IP  voice. 

■  37  WaveSmith  lands  Ciena  for 
funding. 

■  40  MPLS  feature  becoming 
SONET  alternative. 

■  40  SBC  Communications 
expands  Nortel  pact. 

Technology  Update 

■  41  StarFabric  eases  bus 
architecture. 

■  41  Steve  Blass:  Ask  Dr 

Internet. 

■  42  Mark  Gibbs:  Excellent 
remote  control  for  free. 

■  42  Keith  Shaw:  Cool  tools, 
gizmos  and  other  neat  stuff. 

Opinions 

■  44  Editorial:  Industry  slump 
doesn't  preclude  advances. 

■  45  Daniel  Blum:  The  appli¬ 
cation  identity  crisis. 

■  45  Thomas  Nolle:  Is  it  too 

late  for  FCC  hearings? 

■  73  BackSpin:  IT  profession¬ 
als  online:  Anything  goes? 

■  73  'Net  Buzz:  Why  Digital 
River  is  bullish  on  e-commerce. 

Management 

■  56  Managing  technology 
turnover:  IT  execs  share  tips  for 
squeezing  new  life  out  of  surplus 
gear  and  disposing  of  old  equipment. 


Features 

Troubleshooting 
your  database 

Tips  for  keeping  those  new  database 
applications  from  swamping  your  network. 

Page  47. 

Review 

World  Class  Award 

Hewlett-Packard  OpenView  wins  a 
World  Class  Award  for  its  excellence 
in  managing  network  devices  and 
monitoring  network  resources. 

Page  50. 
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The  World  Class  Award  went  to  HP  OpenView  for  the  plethora  of 
information  it  provides. 
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Interactive 


Columnists 


Practical  patch  management 

Patch  management  is  one  of  the  prickliest,  and  most  costly,  problems 
network  executives  face  today.  But  you  can  get  it  under  control.  Find 
out  how  via  our  online-exclusive  story,  part  of  our  supplement,  "The 
Secure  Enterprise,"  bound  into  this  week’s  issue.  DocFinder:  2734 

Live  from  the  CTIA  Wireless  show 

Get  the  news  on  the  latest  and  greatest  wireless  products  and  ser¬ 
vices  on  the  horizon  from  Cool  Tools  columnist  Keith  Shaw,  live  from 
Las  Vegas.  DocFinder:  2735 

Telework  security  made  easy 

Get  Net.Worker  Managing  Editor  Toni  Kistner’s  take  on  a  new  report 
that  wades  through  the  complex  world  of  remote  security, 

DocFinder:  2736 

Seminars  and  Events 

Convergence  is  a  go 

Voice  and  data  finally  can  be  converged  on  the  only  network  that  mat¬ 
ters:  yours.  Let  keynote  presenter  Steve  Taylor  be  your  guide  as  he 
shows  you  why  the  time  is  now  for  VoIP.  Come  to  Network  World's  Tech 
Update:  "VoIP:  The  Right  Time  for  a  Rollout"  and  find  out  how  to  start 
a  VoIP  implementation  today. 

DocFinder:  2645 

■  CONTACT  US  NetworkWorld,  118Turnpike  Road,  Southborough, 
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  16 
for  more  contact  information.  REPRINTS:  (717)  399-1900 

SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444; 
Fax:  (508)  490-6400;  E-mail:  nwcirc@nww.com; 


Compendium 

Weblogs,  ethics  and  Microsoft 
Fusion  Executive  Editor  Adam  Gaffin  alerts  you  to  dustup 
between  bloggers  who  went  on  a  Microsoft-paid  junket  and 
didn't  reveal  that  fact  when  writing  about  Redmond’s  product 
offerings.  Is  that  dishonest? 

DocFinder:  2737 

Help  Desk 

Protecting  one  LAN  from  another 
Columnist  Ron  Nutter  helps  a  user  who's  looking  for  a  fire¬ 
wall  that  would  guard  one  LAN  from  the  other,  but  also  let 
them  access  the  'Net  together. 

DocFinder:  2738 

Home  Base 

Bringing  in  the  big  guns 

Columnist  Jeff  Zbar  offers  tips  on  choosing  the  right  tele¬ 
work  consultant.  DocFinder:  2739 

View  from  the  Edge 

Lucent:  A  second  warning 

The  Edge  Managing  Editor  Jim  Duffy  examines  Lucent's  lat¬ 
est  grim  report,  in  which  10,000  more  employees  will  lose 
their  jobs.  DocFinder:  2740 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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The  Good  n  Bad  u  Ugly 

<§>  Back  in  vogue.  David  Passmore,  co-chairman  of  last  week's  Next  Generation 
Networks  conference  in  Boston,  told  attendees:  "Investors  and  network  equipment 
vendors  are  rediscovering  the  enterprise.  It's  like  that  pendulum  is  swinging  back. 
It  went  from  the  enterprise  to  the  service  provider  market  and  now  back  to  the 
enterprise." 


Defeating  the  purpose.  “Order  on  the  Internet  -  call  for  details." 
Those  words,  on  a  sign  in  front  of  a  restaurant  near  Network  World's  headquarters 
in  Southborough,  Mass.,  had  more  than  a  few 
editors  shaking  our  heads. 

A  long  wait  Discharged 
managers  and  executives 
surveyed  by  outplacement 
firm  Challenger,  Gray  & 

Christmas  in  the  third  quarter 
experienced  average  job-search 
times  of  nearly  four  months, 
the  longest  stretch  of  joblessness 
since  the  firm  began  its  survey 
in  1986.  The  company  pointed  to 
corrupt  executives  as  being  partly 
to  blame,  as  their  actions  have  made 
employers  more  cautious  about  taking 
on  new  employees.  > 


Buyers  looking  to  larger  vendors 

■  With  IT  budgets  tight,  most  CIOs  are  consolidating  purchases 
with  larger  vendors  with  strong  brands  and  the  ability  to  provide 
a  variety  of  products  and  services,  a  survey  has  found. The  main 
beneficiary  of  this  trend  is  IBM,  followed  by  Dell,  Cisco  and 
Hewlett-Packard,  according  to  a  survey  of  100  CIOs  conducted 
by  the  research  department  of  Merrill  Lynch.  Eighty  percent  of 
respondents  said  they  are  consolidating  purchases  with  larger 
vendors,  while  5%  said  they  were  shifting  purchases  to  smaller 
vendors. The  remainder  reported  no  change  in  their  purchasing 
strategy.  Areas  in  which  respondents  said  they  are  spending 
more  this  year  than  originally  planned  are  security,  consulting 
and  outsourcing.  Respondents  are  spending  less  than  planned 
this  year  on  computer  hardware,  communications  equipment 
and  software. 

Akamai  announces  mcuor  layoffs 

■  Content  delivery  specialist  Akamai  Technologies,  which  pioneered  the  business  of 
speeding  content  across  the  Internet,  is  laying  off  more  than  a  quarter  of  its  workforce 
as  it  strives  for  profitability  in  the  sluggish  economy.  The  company  says  it  will  cut  its  789- 
strong  workforce  to  about  550  by  year-end. “With  the  economy  continuing  to  put  nega¬ 
tive  pressure  on  high-tech  spending,  we’ve  taken  a  hard  look  at  the  markets  and  cus¬ 
tomers  that  we  choose  to  serve,”  Akamai  CEO  George  Conrades  said  during  a  confer¬ 
ence  call  with  financial  analysts.  “We  are  strengthening  our  primary  focus  on  our 
EdgeSuite  service,  including  the  exciting  potential  we  see  for  edge  computing.”  (See 
related  story,  page  31.) 

Symantec  posts  gains ...  and  a  patch 

■  There  was  good  news  and  bad  news  for  Symantec  last  week.  The  security  firm 
reported  a  34%  increase  in  revenue  for  its  quarter  ending  Sept.  27:  $325  million  vs. 
$242  million  for  the  same  quarter  the  year  before.  Net  income  was  $52  million,  com¬ 
pared  with  a  net  loss  of  $12  million  a  year  ago.  But  at  the  same  time, Symantec  had  to 
admit  to  a  security  hole  that  Advanced  IT  Security  of  Copenhagen  had  discovered  in 
the  Web  proxy  component  of  Symantec’s  Enterprise  Firewall  product.  An  attacker 
aware  of  the  vulnerability  could  cause  the  Symantec  firewall’s  Web  server  proxy  to 
pause  for  a  period  of  time  and  fail  to  respond  to  legitimate  requests.  Symantec  issued 
a  patch  for  the  problem,  which  also  could  affect  its  Raptor  Firewall  for  Windows  NT 
and  Solaris,  the  Symantec  Enterprise  Firewall  for  Windows  2000,  NT  and  Solaris;  the 
VelociRaptor  models  500, 700, 1000, 1 100, 1200  and  1300;  and  the  Symantec  Gateway 
Security  51 10,5200  and  5300  products. 

COMPENDIUM 

Who  switches  to  XP? 

Microsoft  found  itself  in  another  public  relations  gaffe  last  week,  when  industrious 
Slashdotters  and  the  Associated  Press  discovered  an  alleged  account  of  a  person's 
move  from  a  Macintosh  to  Windows  XP  was  written  by  a  person  working  for  a 
Microsoft  public  relations  company  (and  her  photo  was  taken  from  a  stock  photo 

collection). 

See  Compendium  at  www.nwfusion.com,  DocFinder:  2745. 


Sun  to  cut  11%  of  workforce 

■  Sun  will  lay  off  close  to  1 1%  of  its  workforce  as  the  company  continues  to  be  pun¬ 
ished  by  a  slowdown  in  technology  spending.  Sun  last  week  reported  revenue  of  $2.7 
billion  for  its  first  fiscal  quarter,  which  ended  Sept  29.  This  marks  a  4%  drop  from  the 
same  quarter  a  year  ago  when  Sun  pulled  in  $2.9  billion  in  revenue.Sun  plans  to  reduce 
its  workforce  from  its  current  level  of  almost  39,000  workers.  Reports  issued  earlier  from 
Merrill  Lynch  and  Sanford  C.  Bernstein  had  indicated  that  Sun  could  announce  layoffs 
of  up  to  8,000  people  or  20%  of  its  workforce. 

Quantum  establishing  NAS  spinoff 

■  Quantum  is  spinning  off  its  network-attached  storage  unit  as  part  of  a  restructuring 
plan  that  sees  the  company  focusing  on  its  core  tape-backup  equipment  business.  A 
new  company,  Snap  Appliance,  will  purchase  Quantum’s  NAS  assets  for  $11.3  million 
and  take  on  about  40  Quantum  NAS  personnel.  Quantum  offered  NAS  products  around 
the  world,  but  Snap  Appliance  will  sell  only  in  North  America.  The  CEO  of  Snap 
Appliance  will  be  Eric  Kelly,  who  previously  held  positions  at  Maxtor,  Dell  and  IBM. 
Quantum  created  Snap  Appliance  about  two  years  ago  with  the  intention  of  taking  the 
company  public. That  plan  has  since  been  abandoned. 

Web  services  group  to  expand  board 

■  The  Web  Services  Interoperability  Organization  last  week  said  it  will  add  two  seats  next 
March  to  its  board  of  directors,  a  move  that  might  help  heal  a  rift  between  the  group  and 
Sun. The  group  of  more  than  150  companies  was  formed  in  February  to  foster  interoper¬ 
ability  of  Web  services  software. The  new  director  companies  will  be  elected  by  the  full 
membership  and  will  have  the  same  rights  and  responsibilities  as  the  current  nine  board 
members, but  they  will  serve  limited  terms.The  current  members,  including  Microsoft  and 
IBM, are  permanent.The  news  brought  a  guarded  welcome  from  Sun,  which  in  the  past 
indicated  it  wanted  to  be  brought  into  the  group  as  a  permanent  board  member. There  is 
a  history  of  bad  blood  between  Sun  and  WS-1,  which  was  formed  by  Microsoft  and  others 
with  Sun,  a  major  server  software  vendor  and  creator  of  Java,  conspicuously  absent. 
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Facts  clarify  solutions.  See  how  Exchange  2000  Server  works  for  more  and  more 
businesses  at  microsoft.com/exchange/idc  Software  for  the  Agile  Business. 


C  2002  Microsoft  Corporation.  All  rights  reserved.  Microsoft  and  Outlook  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  ow  n  - 
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Williams 

back  from 
Chapter  1 1 

■  BY  MICHAEL  MARTIN 

Williams  Communications 
emerged  from  Chapter  1 1  bank¬ 
ruptcy  last  week  with  a  new 
name,  no  debt  and  $375  million 
available  in  credit. 

The  carrier  will  now  be  known 
as  WilTel  Communications 
Group.  It  will  continue  to  serve  a 
customer  base  consisting  mostly 
of  other  carriers,  but  also  includ¬ 
ing  large  corporate  network 
accounts.  WilTel’s  business  focus 
and  product  portfolio  will  re¬ 
main  the  same. 

The  carrier,  which  operates  a 
national  fiber-optic  network  and 
provides  connectivity  to  some 
international  customers,  filed  for 
bankruptcy  in  April. 

After  spending  billions  of  dol¬ 
lars  building  out  its  network,  the 
company  was  struggling  under  a 
debt  load  of  about  $6  billion. 

Williams  didn’t  lose  any  major 
customers  during  its  bankruptcy, 
and  its  past  financial  woes  aren’t 
likely  to  scare  off  clients,  says 
Russ  McGuire,  chief  strategist 
with  TeleChoice  and  a  Network 
World  columnist. 

“Who  among  their  competitors 
hasn’t  been  in  bankruptcy  or 
some  sort  of  financial  trouble?” 
he  asks. 

Williams  competes  most  direct¬ 
ly  in  the  wholesale  market  with 
carriers  such  as  Global  Crossing 
and  Level  3  Communications. 

Seth  Libby,  a  senior  analyst  with 
The  Yankee  Group,  says  Level  3 
might  have  an  edge  over  the  oth¬ 
ers  just  because  it  has  avoided  fil¬ 
ing  for  bankruptcy  protection. 

“They  have  some  huge  debt, 
but  they’ve  lasted  longer  than 
many  people  expected,”  he  says. 

Observers  also  are  curious  to 
see  what  effect  the  newly  debt- 
free  carriers  will  have  on  service 
pricing.  Hie  concern  is  that  they 
will  continue  to  force  prices 
down,  making  it  even  more  diffi¬ 
cult  for  carriers  to  turn  a  profit. 

“There  needs  to  be  some  con¬ 
solidation  in  the  industry?’  Mc¬ 
Guire  says.’lf  nothing  changes,  in 
two  years  all  those  companies 
that  filed  for  Chapter  1 1  will  be 
filing  for  Chapter  7  bankruptcy? 

(In  a  Chapter  7  bankruptcy  fil¬ 
ing,  a  business’  assets  are  liqui¬ 
dated,  instead  of  the  business 
reorganizing  as  it  does  under 
Chapter  1 1.)  ■ 


Flying  with  IBM  technology 

Arinc  develops  system  to  speed  airport  check-ins. 


■  BY  DENISE  DUBIE 

RICHMOND,  B.C.  —  Air  travelers  passing 
through  Vancouver  International  Airport  will 
be  the  first  to  test  new  technology  that 
promises  to  offer  a  variety  of  travel-enhanc¬ 
ing  features  from  faster  check-in  to  better 
customer  service. 

The  airport  inked  a  deal  this  month  to  use 
IBM  technology  in  80  new  “common-use” 
kiosks.The  kiosks  include  software  that  com¬ 
plies  with  an  airline  industry  standard  called 
common-use  self-service  (CUSS).CUSS-com- 
pliant  kiosks  will  let  several  airlines  offer 
check-in  services  from  one  self-service  unit. 

The  idea  behind  the  kiosks  is  to  let  airlines 
offer  more  self-service  options,  such  as 
accessing  frequent-flyer  account  status.  At 
the  same  time,  proponents  argue  that  the  air¬ 
lines  —  Air  Canada  is  the  first  and  so  far  only 
to  sign  on  —  also  can  cut  costs  and  optimize 
use  of  space  in  airport  terminals. 

Until  now,  kiosks  have  let  passengers  check 
in  or  access  data  for  one  airline  only  and 
were  usually  located  near  an  airline’s  gate. 
The  new  kiosks  can  be  rolled  out  in  more 
locations  such  as  hotel  lobbies  and  car  rental 
offices,  says  Bob  Goodwin,  a  vice  president 
with  Gartner.  “What’s  important  to  airlines 
now  is  retaining  customer  satisfaction  with 


Vancouver  International  Airport  will  test  IBM  kiosk 
technology  that  promises  faster  check-in. 


their  frequent  flyers,”  he  says. 

Ultimately  IBM  expects  to  see  the  kiosks  in¬ 
stalled  in  parking  lots  and  hotels,  letting  pas¬ 
sengers  check  in  before  getting  to  the  airport. 

Rob  Ranieri,  e-Access  Practice  Lead  for 
IBM’s  Self-Service  Kiosk  group,  says  the  tech¬ 
nology  also  will  let  airports  and  airlines  man¬ 
age  several  kiosk  terminals  with  one  tool,  IBM 
Kiosk  Manager. This  Web-based  tool  for  moni¬ 
toring  kiosk  performance  also  can  feed  data 
into  a  network  management  console  such  as 
Tivoli  Enterprise  Console,  Computer  Associ¬ 
ates  Unicenter  and  Hewlett-Packard  Open- 
View.  Each  kiosk,  including  terminal,  printer 
and  server,  would  be  represented  as  one 
event.  IBM’s  Kiosk  Manager  can  alert  airport 
IT  staff  to  kiosk  problems  ranging  from  net¬ 
work  connectivity  troubles  to  printer  errors. 

Ranieri  says  CUSS-enabled  kiosks  benefit 
passengers,  airlines  and  airports.  “Airports 
won’t  have  to  build  new  terminals  as  quickly 
and  can  continue  to  check  in  more  people 
per  square  foot,”  he  says. 

IBM  and  transportation  communication 
vendor  Arinc  developed  the  new  system. 
Arinc  is  responsible  for  project  management, 
on-site  integration  and  testing,  network  con¬ 
nectivity  to  Air  Canada’s  application  and 
ongoing  maintenance. 

IBM:  www.ibm.com;  Arinc:  www.arinc.com 


Microsoft  sets  five-year  limit  on  support 

New  policy  ends  product  support  five  years  after  release  date. 


■  BY  JOHN  FONTANA 

Microsoft  last  week  instituted 
specific  timetables  on  the  length 
of  support  it  will  offer  on  its  prod¬ 
ucts  in  an  effort  to  help  corporate 
customers  better  plan  their  up¬ 
grade  cycles. 

Microsoft’s  Support  Lifecycle 
policy,  which  officially  kicked  off 
Oct.  15,  dictates  that  all  business 
and  development  software  will 
have  mainstream  product  sup¬ 


port  for  five  years  from  the  date  it 
is  released.  Mainstream  support 
includes  no-charge  incident  sup¬ 
port,  paid  incident  support,  sup¬ 
port  charged  on  an  hourly  basis, 
support  for  warranty  claims  and 
hot-fix  support. 

“Microsoft  is  not  changing  its 
support  plan,  it  is  just  making  it 
clearer  and  letting  enterprises 
plan  accordingly’  says  A1  Gillen, 
an  1DC  analyst.  Gillen  dismisses 
the  notion  that  the  move  is  yet 


another  way  to  force  people  to 
Microsoft’s  controversial  Licen¬ 
sing  6.0  program,  which  began  in 
August. 

He  says  that  just  because  sup¬ 
port  disappears  doesn’t  mean 
users  must  retire  a  product.  “By 
the  end  of  the  support,  the  soft¬ 
ware  is  probably  stable,  and 
users  can  do  their  own  support,” 
he  says. 

In  the  past,  users  were  left  to 
wonder  when  Microsoft  would 
pull  the  support  plug  on  certain 
products.  Now  they  know  that 
they  have  five  years.  Microsoft 
also  will  offer  two  years  of  extend¬ 
ed  support,  which  includes  assist¬ 
ed  support  that  may  be  charged 
on  an  hourly  basis  and  can 
include  hot-fix  support.  During 
that  period,  however,  users  who 
want  nonsecurity  hot-fix  support 
will  need  to  purchase  a  contract 
within  the  first  90  days  after  the 
end  of  a  product’s  mainstream 
support  phase. 

During  the  extended  phase, 
Microsoft  will  not  accept  requests 
for  warranty  support,  design 


Teleworker 

tantrums 

Remote  support  lines  ringing  off  the  hook?  Teleworkers 
—  and  their  tech  problems  —  need  special  handling.  Turn 
to  Net.Worker  for  tips  and  advice  to  get  the  job  done. 

Log  on  to  www.nwfusion.com/net.worker/ 


www.nwfusion.com/net.worker/ 


changes  or  new  features. 

But  Microsoft  also  left  itself 
some  wiggle  room,  saying  some 
product  support  could  be  extend¬ 
ed  based  on  customer  demand, 
and  that  the  company  could 
extend  support  terms  for  larger 
customers.  Also,  resellers  and 
consulting  companies  would  not 
be  restricted  from  offering  longer 
periods  of  support. 

Under  the  new  guidelines,  sup¬ 
port  for  Windows  2000  will  extend 
until  March  31.2007;  for  Exchange 
5.5  SP4  until  Dec.  31,  2003; 
Exchange  2000  SP3,  Dec.  31 , 2005; 
SQL  Server  7.0  SP4,  March  31, 
2004;  and  Internet  Information 
Server  4,  Dec.  3 1,2002  and  Version 
5,  March  31,  2005.  A  full  list  is 
available  at  www.nwfusion.com, 
DocFinder:  2746.  ■ 


Windows 

Networking 


Subscribe  to  our  free  newsletter. 
DocFinder  5434  www.nwfusion.com 


■  Cost-effective  access 
routing  for  branch  office 
connectivity  and 
internet  access 

■  Recognizable  Command 
Line  Interface  (CLI) 

■  No  retraining  or 
costly  certification 

■  Built-in  stateful 
inspection  firewall 

■  Interoperable  with  other 
standards-based  routers 

■  Optional  PBX  connectivity 

■  Optional  dial 
backup  system 

■  Built-in  DSU/CSU  for 
WAN  termination 

■  Free  24x7  telephone 
technical  support 

■  Optional  extended 
installation  and 
maintenance  program 


This  powerful  new  access  router  from  ADTRAN  is  everything  you 
need  in  a  router,  and  then  some,  at  a  cost  that’s  up  to  55  percent 
less  than  other  brand  name  routers.  This  high-quality,  low-cost 
alternative  features  a  stateful  inspection  firewall,  a  DSU/CSU,  and  a 
familiar  CLI.  Comprehensive  dial  backup  and  PBX  connectivity  are 
available  at  a  minimal  cost.  Interoperable  with  other  standards-based 
routers,  the  NetVanta  3000  series  fits  seamlessly  into  your  existing 
network.  Backed  by  unlimited  telephone  support  and  a  5-year 
warranty,  the  NetVanta  3000  series  is  clearly  the  intelligent  choice. 

New  vendor  to  routing?  No  way!  ADTRAN  has  incorporated  its 
router  technology  into  selected  WAN  connectivity  products  for  the 
past  five  years;  with  more  than  75,000  now  installed  in  networks 
around  the  world.  The  NetVanta  3000  series  is  the  latest  in  a  long 
line  of  market-leading  internetworking  and  connectivity  solutions, 
from  a  company  with  a  17-year  history  of  customer  satisfaction. 


Dare  to  compare  the  new  NetVanta  3000  series! 

www.dare2compare.adtran.com 

877.212.0327  Technical  Questions 
877.280.8416  Where  to  Buy 


Experts  choose  ADTRAN7 


Aehrat 
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Gape  Clear  aims  to  ease  Web  services  management 


■  BY  JOHN  FONTANA 

DUBUN,  IRELAND  —  Cape  Clear  this 
week  will  roll  out  software  designed  to  help 


large  companies  manage  and  secure 
access  to  multitudes  of  Web  services  run¬ 
ning  across  their  networks. 

The  company  will  release  the  beta  of  its 


Java-based  Cape  Clear  Generation  4  suite, 
which  includes  Cape  Clear  Management 
Server,  its  newest  product  that  provides  a 
single  console  for  managing  and  monitor- 
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Fast,  accurate,  automatic.  Perfect  backup  and  restore  for  small  and  midsize  businesses. 


If  it  s  worth  creating  it's  worth  saving  with  Dantz  Retrospect® 
Retrospect  is  simply  the  most  intelligent  backup  software  for 

-  fast,  thorough  backups  and 

100%  accurate  restores  of  your 
critical  business  data. 


" Retrospect  creates  its  ou> n 
backup  filing  system  that 
combines  for  speed,  convenience 
and  easy  management,  giving 
us  good  reason  to  designate 
it  a  World  Class  product ' 

-  Network  World 


Retrospect's  patented  technolo¬ 
gy  automates  backup  and 
restore  of  notebooks,  desktops, 
file  servers,  and  line-of-business 
application  servers  such  as 
SQL  and  Exchange.  There's 
no  complex  manual  scheduling  or  tape  juggling.  Backup 
schedules  are  automatically  adjusted  ensuring  that  every 
computer  on  the  network  is  protected  -  even  notebooks  that 


~  D«°°  0  **■ 


come  and  go.  Retrospect  supports  Windowsf  Linux,  Solaris, 
and  Macintosh;  and  adapts  easily  to  your  existing  data 
storage  hardware. 

Trusted  worldwide  in  millions  of  computers  daily,  Retrospect 
is  the  intelligent  solution  for  businesses  that  must  rely  on 
perfect  file  protection,  every  time,  every  day. 

Dantz  Retrospect.  It's  the  only  backup  software  you  will 
ever  need. 

Start  today  with  the  Top  1 0  Backup  Tips, 
visit  www.dantz.com/v6 
or  call  1-800-225-4880 
for  more  information. 


Intelligent  Backup  and  Restore 

<02002  Dantz  Development  Corporation  Retrospect  and  the  Dantz  logo  are  registered  trademarks 
of  the  Dantz  Development  Corporation  All  other  trademarks  are  the  property  of  their  respective  owners. 
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ing  Web  services. The  software  lets  compa¬ 
nies  eliminate  the  need  to  manage  each 
Web  service  they  deploy  individually 

Cape  Clear  also  is  adding  integration  with 
corporate  authentication  services  to  con¬ 
trol  user  access  to  Web  services. 

In  addition,  the  company  is  upgrading 
Cape  Clear  Generation’s  CapeStudio  devel¬ 
opment  tools  with  full  support  for  XML,  and 
its  CapeConnect  Java-based  deployment 
platform  with  support  for  reliable  messag¬ 
ing  middleware,  including  IBM  MQSeries 
and  the  Java  Messaging  Service. 

“This  is  the  direction  Cape  Clear  needs  to 
take  as  companies  contemplate  Web  ser¬ 
vices  for  real-world  applications  where  the 
first  questions  are  about  security  and  man¬ 
agement,”  says  David  Schatsky,  vice  presi- 


Web  services  uptake 

In  a  recent  survey  by  Jupiter 
Research  more  than  4,000  IT 
executives  were  asked,  “How 
does  your  organization  use  Web 
services  technology  currently?” 


Integrate  internal  applications  behind  firewall 


Integrate  with  known  customers,  partners  and  suppliers 


Provide  services  to  new  customers 

28% 


Discover/interact  with  third  parties 

19% 


Not  deployed 

18% 


Note:  Multiple  responses 
were  allowed. 


dent  and  research  director  for  Jupiter 
Research.  A  recent  survey  by  Jupiter  shows 
82%  of  IT  executives  have  some  sort  of  Web 
services  deployment  at  their  company. 

Management  Server  is  Cape  Clears  at¬ 
tempt  to  provide  those  services,  in  addition 
to  management  and  monitoring,  the  soft¬ 
ware  lets  users  replicate  Web  services  with¬ 
out  having  to  take  down  servers. 

Access  control  security  in  Management 
Server  is  built  on  support  for  Lightweight 
Directory  Access  Protocol.  Cape  Clear  also 
has  added  support  for  Netegrity’s  Site- 
Minder,  software  that  provides  single  sign- 
on  capabilities,  and  XML  Signatures  proto¬ 
col  that  provides  integrity  and  nonrepudia¬ 
tion  for  XML  messages  and  documents. 

Companies  have  struggled  for  years  with 
security  integration  and  management 
nightmares  fueled  by  individual  applica¬ 
tions  that  have  their  own  security  service. 

Several  vendors  also  are  trying  to  solve 
the  same  issues  in  the  Web  services  realm, 
including  SeeBeyond  Technology,  Tibco, 
Vitria  and  WebMethods. 

Cape  Clear  Generation  is  expected  to 
ship  in  late  November. 

The  software  is  priced  at  $2,000  for  the 
development  tools  and  $10,000  for 
CapeConnect  ■ 


Finally  -  the  missing  piece! 


Today’s  ever-growing  data  centers  make  it  harder 
than  ever  to  get  hands-on  control  of  all  your  servers 
and  network  devices.  Now  you  can  have  direct 
access  to  every  device  in  your  data  center  from  any 
location,  all  from  a  single  screen.  Manage  and  maintain 
servers  in  your  local  rack  or  across  the  world. 


Total  system  control  over  analog  or  IP  connection 
means  complete  ‘at  the  computer’  troubleshooting 
from  anywhere. 

Now  it’s  all  falling  into  place.  Avocent’s  advanced 
analog  and  digital  KVM  solutions  -  the  perfect  fit 
for  the  server  room  and  enterprise. 


For  the  complete  picture,  download  a  free  KVM  Tech  Guide  today  at 
www.kvmguide.com  or  call  1 -866-AVOCENT  (286-2368),  ext.  3005. 


Avocent,  the  Avocent  logo,  “The  Power  of  Being  There',  “KVM  over  IP”.  DSR,  DSView,  DS1800.  and  CPS  are  trademarks  of 
Avocent  Corporation.  All  other  marks  are  the  property  of  their  respective  owners.  Copyright  ©  2002  Avocent  Corporation. 
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Convergence 

continued  from  page  1 

no  [interoperability]  among  vendors,” 
says  Ridley,  whose  converged  network 
would  serve  70,000  employees. 

Network  executives  are  wary  that  ven¬ 
dors  will  repeat  the  mistakes  they  made 
with  the  older,  less-functional  H.323  tech¬ 
nology.  While  H.323  has  been  imple¬ 
mented  widely,  vendors  took  so  many  lib¬ 
erties  with  it  that  getting  their  products  to 
work  together  can  been  difficult. 

“There  are  a  lot  of  slacker  customers  out 
there  like  us  who  are  just  sitting  on  our  old 
legacy  stuff,  waiting  for  the  market  to 
evolve,”  Ridley  says. 

Making  the  case  for  SIP 

Work  on  SIR  now  an  IETF  standard, 
started  in  1995.  It  was  designed  to  run  on  IP 
and  supports  a  plethora  of  communica¬ 
tions  technologies  from  voice  to  instant 
messaging  to  video.  SIP  also  lets  users 
establish  presence  at  different  locations  on 
a  network,  saying  “1  am  here”  and  letting 
everyone  or  just  a  select  group  know  it.  SIP 
promises  to  support  new  services  such  as 
click-to-dial  phone  calling,  interactive 


voice  response  navigation  of  Web 
sites  and  conferences  that  are  set  up 
when  all  participants  are  ready 

SIP  is  considered  more  efficient 
than  H.323,  which  is  commonly  criti¬ 
cized  as  being  too  chatty, sending  lots 
of  messages  over  the  network  and  cre¬ 
ating  potential  congestion  if  VoIP  is 
heavily  used.  Critics  of  H.323  say  the 
overarching  standard  for  interaction 
among  a  set  of  other  standards  is  too 
unwieldy  to  customize. 

Enthusiasm  for  SIP  has  been  on  the 
rise  in  recent  years  because  of  work 
done  by  organizations  such  as  the  SIP 
Forum,  which  now  has  27  member 
companies  including  Cisco,  Lucent 
and  Nortel.  Microsoft  last  year  gave 
SIP  a  boost  when  it  replaced  H.323 
with  SIP  in  its  Windows  Messenger 
application,  which  supercedes 
Windows  NetMeeting  from  the  days  of 
Windows  95/98. 

SIP  “bake-off”  tests  performed  by  Network 
World  (www.nwfusion.com,  DocFinder: 
2744),  and  by  industry  groups  such  as  the 
SIP  Forum  also  have  helped  build  hope 
among  network  executives  that  SIP  prod¬ 
ucts  would  work  together  once  released. 


Providers  split  on  SIP,  H.323 


In  choosing  between  the  Session  Initiation  Protocol  and  H.323  to  support 
converged  voice  and  data  offerings,  service  providers  are  pragmatic,  judging 
from  a  panel  of  carrier  representatives  who  spoke  at  the  Next  Generation 
Networks  show  last  week. 

Two  of  the  providers  represented,  iBasis  in  the  U.S.  and  FastWeb  in  Italy,  use 
H.323  as  the  underlying  signaling  and  control  protocol  because  they  are  focused 
on  IP  voice  services  that  H.323  supports  well.  The  third  carrier,  WorldCom,  is 
using  SIP  with  an  eye  toward  offering  more  advanced  IP  services  that  include 
voice  but  integrate  it  with  other  communications  such  as  text  messaging. 

FastWeb  is  using  H.323  because  the  company  initially  wants  to  offer  cus¬ 
tomers  what  it  calls  a  triple  play  —  voice,  Internet  access  and  entertainment 
delivered  over  fiber  to  homes,  according  to  Guido  Roda,  FastWeb’s  service  engi¬ 
neering  director.  H.323  is  a  solid  technology  for  controlling  IP  voice,  he  says,  al¬ 
though  he  acknowledges  it  will  limit  the  types  of  services  FastWeb  can  provide. 

Eventually,  FastWeb  might  turn  to  SIP,  Roda  says.  “We  will  trial  SIP  in  our 
infrastructure  to  support  enhanced  services  such  as  instant  messaging  and 
presence,”  he  says.  Presence  is  the  ability  of  users  to  let  the  network  know  they 
can  be  reached,  by  what  technology  and  by  whom. 

WorldCom's  representative  was  reluctant  to  characterize  the  carrier’s  new 
SIP-based  service,  The  WorldCom  Connection,  as  a  voice  offering.  Rather, 

Henry  Sinnreich,  distinguished  member  of  engineering  at  WorldCom,  says  the 
SIP-based  offering  includes  support  for  services  that  follow  customers  to 
whichever  device  they  are  using  to  connect  to  the  network  at  the  time.  It  also 
supports  integration  of  voice  with  instant  messaging  and  e-mail,  Sinnreich  says. 
“You  don't  just  want  voice  over  IP,  you  want  voice,  text,  video,  data,  mobility, 
secure  communications,"  he  says. 

While  such  new  services  eventually  might  attract  customers,  the  key  reason 
customers  buy  IP  voice  services  today  is  to  save  money  on  expensive  calls,  such 
as  those  to  other  countries,  says  Ofer  Gneezy,  CEO  of  iBasis,  a  provider  of  inter¬ 
national  IP  voice  transport. 

Companies  concerned  about  hiring  a  SIP-based  carrier  to  handle  their  H.323 
voice  should  not  worry,  Gneezy  says.  Providers  will  offer  gateways  so  customers 
don't  have  to  change  their  infrastructure,  but  few  businesses  now  seek  IP  links 
into  IP-provider  networks,  he  says.  “The  technology  is  catching  up  so  it  will  be 
ready  before  there  are  a  significant  number  of  [customer-connected]  IP  ports," 
Gneezy  says. 

—  Tim  Greene 


H.323  vs.  SIP 

While  both  H.323  and  Session  Initiation 
Protocol  (SIP)  can  support  VoIP,  the 
protocols  have  plenty  of  differences. 


H.323 

SIP 

ITU  standard 

IETF  standard 

Designed  on  models  of 
ISDN  and  ATM  signaling 

Designed  for  use 
of  the  Internet 

Older  and  more  established, 
particularly  in  LANs 

Newer  standard 

Complex,  using  both  binary 
encoding  and  abstract 
syntax  notation 

Relatively  simple, 
text  based;  similar 
to  HTTP 

Difficult  to  customize 

Accessible  to 
customization 

A  survey  of  96  vendors  last  year  by 
Network  World  and  Miercom  showed  73% 
had  H.323  products,  while  only  40%  had 
SIP  gear. However,51%  said  they  planned  to 
implement  SIP  on  their  products  over  the 
next  year. 

Nortel  and  Siemens  are  among  the  ven¬ 
dors  pushing  SIP  Nortel  says  it  will  ship  its 
Succession  Communication  Server  for 
Enterprise  Multimedia  Xchange  (CSE  MX) 
in  December.  Siemens,  which  already  has 
SIP-capable  phones,  says  its  HiPath  IP  PBX 
software  will  support  a  SIP  stack  along  with 
its  core  H.323  code  in  the  next  major  revi¬ 
sion,  which  is  expected  in  the  first  quarter 
of  next  year.  Alcatel  has  said  its  OmniPCX 
IP  PBX  gear  also  will  be  “SIP-capable”  by 
next  year. 

Others,  such  as  3Com,  which  uses  a  pro¬ 
prietary  version  of  H.323  for  call  control  on 
its  NBX  IP  telephony  server,  and  Avaya  are 
less  enthusiastic.  Avaya,  third  in  IP  telepho¬ 
ny  sales,  says  its  line  of  ECLIPS  IP  telepho¬ 
ny  equipment  can  be  enabled  with  SIP  or 
H.323,  but  the  company’s  proprietary 
H.323-based  protocol  is  still  the  default. 

And  then  there’s  VoIP  market  leader 
Cisco. The  company  supports  SIP  across  its 
gateways,  routers  and  some  IP  phones,  and 
it  says  the  protocol  will  be  added  into  its 
CallManager  enterprise  IP  PBX.  But  ob¬ 
servers  have  questioned  the  company’s 
reliance  on  proprietary  protocols  and 
whether  that  would  interfere  with  the  inter¬ 
operability  of  SIP-enabled  gear  from  Cisco 
and  others. 

“Cisco’s  voice  solutions  contain  a  num¬ 
ber  of  proprietary  and  prestandard  as¬ 
pects,”  according  to  a  recent  report  by  Gart¬ 
ner  Vice  President  Mark  Fabbi.  “Although 
Cisco  supports  SIP  ...  in  a  number  of  prod¬ 
ucts,  its  integrated  solution  requires  that 
users  implement  its  proprietary  ‘Skinny’ 
protocol,” or  Skinny  Call  Control  Protocol. 

The  vendor’s  primary  call-control  tech¬ 
nology  for  its  corporate  IP  telephony 
products  remains  proprietary,  Fabbi 
writes.  (Cisco  also  licenses  its  Skinny  pro¬ 
tocol  to  other  vendors,  such  as  Polycom). 
He  adds  that  “nearly  all”  vendors  use  pro¬ 
prietary  hooks  in  their  VoIP  gear  that  pre¬ 
vents  companies’  products  from  working 


well  together. 

“Most  vendors  don’t  want  to  be 
interoperable,”  says  Brian  Strachman. 
a  senior  analyst  with  Cahners  In- 
stat/MDR.  “No  one  wants  to  say,  ‘Go 
ahead  and  buy  our  IP  PBX  phone  sys¬ 
tem,  and  oh,  you  can  use  Cisco  or 
3Com  phones  with  it  too.’  ” 

The  result, Strachman  says,  would  be 
increased  competition,  which  would 
force  vendors  to  reduce  prices  and 
suffer  lower  profit  margins. 

“The  [traditional]  telecom  mind¬ 
set,”  has  crept  into  the  IP  telephony 
world,  he  says,  but  he  adds  “it’s  been 
changing.  Eventually  it  will  be  more 
open.” 

H.323,  here  and  now 

While  many  observers  consider 
SIP  to  be  the  future  ofVolR  we  live 
in  an  H.323  world. 

H.323  is  still  used  widely  on  ViDENet,  a 
multivendor  IP  voice  and  video  network 
started  in  1995,  that  connects  more  than 
70  universities,  research  institutions  and 
corporate  networks  via  the  Internet  and 
Internet  2. 

More  than  500  gatekeepers  and  gate 
ways,  IP  phones  and  video  stations  based 
on  H.323,  from  vendors  such  as  Cisco, 
Polycom  and  RadVision,  are  deployed. 
Each  member  institution  is  registered  in  a 
central  directory  which  lets  H.323  voice  or 
video  sessions  be  set  up  easily 

“The  reason  for  our  widespread  adoption 
of  H.323  was  that  at  the  time.it  was  the  pro¬ 
tocol  that  proved  to  work  with  off-the-shelf 
components,”  says  Jill  Gemmill,  who  was 
ViDENet  chair  until  September,  and  is  assis¬ 
tant  director  of  academic  computing  at  the 
University  of  Alabama  Birmingham. 

Petroleum  company  Schlumberger 
chose  H.323  over  SIP  for  the  same  reason. 

“SIP  was  pretty  new  when  we  first  started 
looking  into  [our  VoIP]  project,”  says  Brian 
Spolnicki.an  information  solutions  techni¬ 
cal  lead  at  the  company’s  Houston  office. 
The  company  recently  installed  an  IP- 
enabled  PBX  with  H.323  VoIP  in  a  call  cen¬ 
ter  to  consolidate  technical  assistance  into 
three  call  centers  in  Houston;  Calgary, 
Alberta;  and  Caracas, Venezuela. 

The  centers,  which  support  about  60 
agents,  are  connected  via  T-l  lines  and 
Schlumberger’s  DeXa.NET,  a  private  OC-48 
WAN.  An  Ericsson  PBX  with  an  IP  card  sits 
See  Convergence,  page  15 
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Investment  firm  pushes  for  Lucent,  Cisco  ATM  deal 


■  BY  JIM  DUFFY 

A  Wall  Street  investment  firm  last  week 
suggested  Lucent  should  sell  its  market¬ 
leading  ATM/frame  relay  data  network 
assets  to  Cisco  as  a  way  for  the  bludgeoned 
company  to  get  a  quick  infusion  of  cash 
and  to  exit  a  noncore  business. 

UBS  Warburg  issued  a  bulletin  to  inves¬ 
tors  that  stated  the  possibility  and  its  ratio¬ 
nale  for  the  proposed  transaction, claiming 
it  could  be  positive  for  both  companies. 
Lucent  could  raise  $500  million  to  $650 
million  by  selling  its  ATM/frame  relay  busi¬ 
ness  and  establish  an  ongoing  services  rev¬ 
enue  stream,  the  brokerage  firm  said. 
Lucent  is  focusing  on  professional  services 
going  into  2003  in  an  attempt  to  return  to 
profitability. 

For  Cisco,  the  deal  would  vault  it  into  a 
market  leadership  position  with  coveted 
regional  Bell  operating  companies  and 
incumbent  local  exchange  carrier 
accounts,  a  potentially  lucrative  subset  of 


Picking  protocols 

H.323  is  the  most  prevalent  call- 
control  technology  in  the  VoIP 
world,  according  to  a  recent  poll 
of  634  telecom  and  IT  professionals. 

What  technology  do  you  use  to  establish  VoIP  sessions? 


Media  Gateway  Control 
Protocol/MEGACO  Other 


SOURCE:  VOlPWATCH.COM 
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in  Houston  and  supports  call  agents 
using  Ericsson  H.323-based  IP  phones 
in  the  Canadian  and  Venezuelan 
offices. 

Spolnicki  says  he  is  comfortable  with 
swapping  out  phones  for  any  other  com¬ 
modity  H.323  phone,  or  a  Windows  PC 
with  the  H.323-based  NetMeeting  pro¬ 
gram,  if  necessary. 

“SIP  may  be  involved  in  other  segments 
of  the  company  in  the  future,”  Spolnicki 
says,  but  “it  didn't  fit  for  this  particular  pro¬ 
ject  at  the  time.” 

Next  week,  we  run  through  a  list  of  the 
most  pressing  questions  for  a  company 
considering  the  VoIP  leapM 


the  telecom  market  where  Cisco’s  penetra¬ 
tion  has  been  challenged  most. 

“We  have  already  written  in  past  notes 
that  Lucent  should  exit  this  business,  and 


in  fact,  Lucent  last  week  during  its  confer¬ 
ence  call  did  not  mention  data  network¬ 
ing  as  one  of  the  strategic  areas  of  the 
future,"  the  UBS  Warburg  note  stated.  A 


Lucent  spokesman  says  the  company 
does  not  comment  on  rumor  or  specula¬ 
tion.  Cisco  did  not  respond  to  calls  by 
press  time.  B 
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Electronic  Labeling  Systems 


Tony  Serignese 
Information  Systems  Director 
Brother  International  Corporation 
Bridgewater,  NJ 

Uses  the  PT-1300 
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In  my  office,  I  have  to  keep  everything 
running  smoothly.  From  servers  to  work¬ 
stations,  one  disruption  can  be  disastrous 
and  cost  the  company  a  lot  of  money. 

That's  why  I  use  the  P-Touch®  PT-1300. 


labels,  I  can  trust  someone  else  to  get  the 
job  done  with  ease. 

From  LANs  to  WANs,  Intranet  to  Internet, 
my  P-Touch  labeler  makes  every  connec¬ 
tion  possible. 


When  it  comes  to  identification,  it's  all  I  need. 
With  P-Touch  labels,  I  can  easily  identify  all  my 
servers,  workstations,  patch  panels,  cables 
and  face  plates,  making  troubleshooting  guick 
and  minimizing  downtime. 

After  all,  when  I'm  not  in  the  office,  the  com¬ 
pany  has  to  run  without  me.  And  with  all  the 
eguipment  clearly  marked  with  P-Touch 


P-Touch  systems -the  perfect  office  labels, 
wherever  your  office  may  be.  Enter  the 
P-Touch  People  Contest 
and  tell  us  how  your 
P-Touch  helps  you 
organize  your  office. 

We  want  to  know. 

www.ptouchpeople.com 
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P-Touch®  Electronic  Labeling  Systems 
create  industrial  strength  and  standard 
adhesive-backed  laminated  labels  to 
organize  virtually  anything. 

•  Standard  Laminated  Tapes:  Bright,  easy-to- 
read  labels,  perfect  for  safety  precautions  and 
high  visibility  when  hidden  behind  cables. 
Available  in  a  variety  of  colors  and  widths. 

•  Security  Tapes:  Leave  a  checkered  pattern  if 
removed,  to  see  if  anyone  has  tampered 
with  them. 


•  Industrial  Adhesive  Tapes:  Adhere  up  to  two 
times  stronger  than  standard  laminated  tapes. 


(800)622-6312 


(800)825-5517 


(800)463-9275 


(847)918-3700 


www.brother.com  •  1-877-4PT0UCH 


®2002  Brother  International  Corporation,  Bridgewater,  NJ  •  Brother  Industries  Ltd..  Nagdya,  Japan 
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Cisco  looks  to  court  smaller  customers 


I  (The  economic  recovery 
will  be  led  first  by  small  and 
[midsize]  businesses,  v  l 


John  Chambers 

CEO,  Cisco 


■  BY  PHIL  HOCHMUTH 

SAN  JOSE  —  Cisco  this  week 
will  announce  several  programs 
aimed  at  making  its  resources 
and  products  more  accessible  to 
small  and  midsize  companies. 

Customers  will  now  be  able  to 
buy  products  from  Cisco’s  Web 
site,  through  arrangements  made 
with  four  channel  partners.  Cisco 
also  is  expanding  its  lineup  of 
integration  and  project  planning 
services  for  small  companies. 
Some  observers  say  this  an¬ 
nouncement  comes  as  a  “re¬ 
minder”  from  Cisco  as  new  foes 
threaten  to  muscle  in  on  the  com¬ 
pany’s  traditional  turf. 

Products  aimed  at  small  and 
midsize  customers,  such  as  Cat¬ 
alyst  2900  stackable  switches, 
Cisco  800  series  routers  and  low- 
end  P1X  firewall  and  VPN  appli¬ 
ances,  can  now  be  bought  from 
Cisco’s  site  through  links  with 
Cisco  resellers  CDW,  PC  Con¬ 
nection  and  Microwarehouse. 

Companies  also  can  use  Cisco’s 
new  Internet  Business  Roadmap 
service,  which  is  a  Web  portal  that 
provides  access  to  Cisco  techni¬ 


cians  when  customers  are  plan¬ 
ning  network  infrastructure  or 
security  projects.  Cisco  says  it  will 
have  some  enhanced  switching 
and  security  products  and  IP  tele 
phony  product  packages  for 
small  businesses  by  year-end. 

With  large  corporate  IT  spend¬ 
ing  being  flat, and  only  about  30% 
of  Cisco’s  revenue  coming  from 
the  carrier  markets  these  days,  ob¬ 
servers  say  Cisco  is  looking  to  ally 
itself  more  closely  with  smaller 
businesses.  Cisco  CEO  John 
Chambers  hinted  as  much  while 
speaking  at  the  Gartner  Sympos- 
ium/lTXpo  earlier  this  month. 

“Among  businesses,  the  eco¬ 


nomic  recovery  will  be  led  first  by 
small  and  [midsize]  businesses,” 
Chambers  said. “Then  enterprises 
will  follow,  then  service  providers.” 

Cisco  has  been  no  slouch  in  the 
small  to  midsize  business  (SMB) 
market  for  network  gear,  either. 
For  the  past  three  years,  the  com¬ 
pany  has  dominated  the  market 
for  stackable  Layer  2  switch  port 
shipments,  which  is  the  most 
commonly  used  network  tech¬ 
nology  among  small  and  midsize 
companies.  In  2001,  it  had  59.7% 
of  the  ports,  with  its  closest  com¬ 
petitor  having  7.5%  of  the  market. 

Deli  is  another  company  that  is 
pursuing  the  SMB  network  mar¬ 


ket  aggressively.  The  company 
last  year  released  a  line  of  net¬ 
work  switches  amid  sagging 
sales  of  consumer  PCs.  Some  say 
Dell  could  have  a  major  influ¬ 
ence  on  the  market,  as  it  begins 
to  drive  Gigabit  Ethernet  tech¬ 
nology  to  the  desktop  by  making 
1000M  bit/sec  network  interface 
cards  standard  on  its  PCs. 

Cisco  has  reacted  strongly 
toward  Dell’s  entrance  into  the 
network  business,  as  it  recently 
canceled  an  agreement  with  the 
PC  and  server  maker  for  it  to 
resell  Cisco  network  hardware. 
3Com  also  recently  canceled  a 
similar  agreement  with  Dell. 

“The  low-end  network  market 
is  certainly  getting  more  fierce  . . 

.  with  lots  of  new  competitors,” 
says  Kneko  Burney  a  small  and 
midsize  business  analyst  with 
Cahners  Instat/MDR.  She  cites 
Dell  and  Microsoft, which  recent¬ 
ly  introduced  a  line  of  wireless 
LAN  products  for  home  users. 

“Dell  is  on  the  lower  end  of 
switching,  but  that’s  it,”  Burney 
says,  but  adds  that  many  small- 
business  networks  are  requiring 
more  advanced  products.  ■ 


F5  fortifies  application  mgmt  wares 


■  BY  JENNIFER  MEARS 

SEATTLE  —  Internet  traffic  management 
specialist  F5  Networks  next  week  is  planning 
to  announce  hardware  and  software  upgrades 
that  promise  to  help  customers  manage, direct 
and  speed  application  traffic. 

F5  says  its  new  software,  Big-IP  Version  4.5, 
which  runs  on  the 
company’s  family  of 
Big-IP  appliances, 
can  read  any  IP 
packet  header  or 
payload  with  an  eye 
toward  directing 
application  traffic 
based  on  customer- 
defined  rules.  With  the  new  software,  compa¬ 
nies  could  apply  the  same  benefits  achieved 
with  Internet  traffic  management  —  such  as 
high  availability,  security  and  scalability  —  to 
Web-based  applications  without  having  to 
code  rules  into  software  or  deploy  expensive 
hardware,  says  Erik  Giesa,  director  of  product 
management  at  F5. 

F5  previously  added  application-aware 
capabilities  to  its  Big-IP  products.  Last  year,  for 
example,  it  announced  support  for  voice 
applications  based  on  Session  Initiation  Pro¬ 
tocol  (SIP)  and  announced  integration  with 
BEA  Systems’  WebLogic  server.  This  release 
broadens  the  product's  capabilities  by  letting 


it  manage  any  application  protocol  such  as 
XML  and  SQL. 

The  foundation  of  the  new  software  is  F5’s 
Universal  Inspection  Engine,  which  reads 
application  data, and  iRules, customer-defined 
criteria  that  tell  Big-IP  how  and  where  to  move 
traffic.  A  customer  could  direct  Big-IP  to  move 
traffic  according  to  mobile  phone  numbers 
found  in  the  payload  of  a  packet, 
for  example. 

F5  also  is  planning  to  announce 
its  first  custom  silicon,  the  Packet 
Velocity  ASIC,  which  will  power  a 
new  line  of  Big-IP  application 
switches:  Big-IP  1000,  Big-IP  2400 
and  Big-IP  5100.The  Packet  Velocity 
ASIC  is  designed  to  handle  up  to 
250,000  Layer  4  connections  per  second  and 
up  to  20,000  Layer  7  sessions  per  second. The 
previous  Big-IP  appliances  could  handle 
about  32,000  Layer  4  connections  per  second 
and  about  17,000  Layer  7  sessions  per  second. 
The  appliances  typically  sit  behind  a  firewall 
and  in  front  of  application  servers,  databases 
or  Web  servers. 

F5  is  not  alone  in  targeting  application  man¬ 
agement  as  businesses  put  more  advanced  IP 
applications  onto  their  networks.  Competitors 
such  as  Cisco,  Nortel,  Radware  and  Foundry 
also  are  looking  at  providing  more  intelligent 
switches. 

Peter  Firstbrook,  a  senior  research  analyst  at 


Meta  Group,  says  F5  can  now  dig  deeper  into 
packets  than  its  competition. 

“Most  of  the  companies  claiming  Layer  7 
capability  really  just  have  the  ability  to  dig  so 
many  characters,  usually  into  the  header,  but 
they  can’t  get  much  beyond  that,”  he  says. 
“What  F5  has  done  is  they  can  dig  into  any 
part  of  the  application  payload  and  find  any 
specific  tags  that  you  want  to  look  at.” 

Voice-over-lP  provider  Net2Phone  has  been 
lab  testing  the  new  Big-IP  software  and  plans 
to  deploy  the  technology  to  manage  SIP  traffic 
within  VoIP  applications.  “We  use  horizontal 
scaling,  and  deploying  a  traffic  management 
tool  that  is  aware  of  the  flow  of  sessions  is  the 
ideal  way  to  make  that  approach  to  scaling 
reliable,” says  Jeff  Skelton,  CTO  of  Net2Phone. 

Skelton  says  he  plans  to  use  Big-IP  to  handle 
XML  traffic  for  back-office  applications,  elimi¬ 
nating  the  need  to  deploy  a  separate  XML 
router.  Skelton  says  Big-IP  is  providing  savings 
in  operational  expenses, but  wouldn’t  say  how 
much. 

The  hardware  platforms  are  scheduled  for 
general  availability  next  month  and  range  in 
price  from  $15,000  for  the  Big-IP  1000  to 
$58,000  for  a  fully  redundant  pair  of  the  Big-IP 
5 100s.  The  Big-IP  software  is  scheduled  to  be 
available  later  this  month,  and  existing  Big-IP 
customers  with  services  contracts  will  be 
upgraded  for  free. The  software  will  be  avail¬ 
able  for  all  Big-IP  appliances.  ■ 


F5’s  Big-IP  5100  will  be  powered  by 
the  company's  first  custom  silicon, 
which  can  handle  up  to  250,000 
Layer  4  connections  per  second. 
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Takes 

■  MicronPC  has  launched  a  new 
series  of  Netframe  servers  that  use 
Intel's  Xeon  processors.  The  Net- 
frame  1600,  2600  and  3600  servers 
replace  earlier  boxes,  the  1500,  2500 
and  3600,  which  used  Pentium  III 
processors.  The  Netframe  1600  and 
2600  servers  are  111-  and  2U-  (1.75- 
to  3.5-inch,  respectively)  servers 
suitable  for  space-constrained 
enterprise-size  businesses.  The  3600 
server  is  aimed  at  small  to  midsize 
businesses  or  workgroups  of  larger 
organizations.  The  Netframe  1600 
has  dual  Intel  processors,  up  to  12 
G-bytes  of  SD-RAM,  dual  Gigabit 
Ethernet  adapters  and  up  to  three 
hot-swappable  SCSI  drives.  The 
Netframe  2600,  also  a  dual-proces¬ 
sor  server,  differs  from  the  1600  —  it 
has  up  to  seven  drive  bays.  The 
Netframe  3600,  available  in  pedestal 
or  rack  form,  has  dual  Gigabit 
Ethernet  adapters  and  up  to  10  hot- 
swappable  drives  capable  of  han¬ 
dling  more  than  1.4  terabytes  of 
data.  Available  now,  the  servers  run 
Windows.  The  Netframe  1600  starts 
at  $2,300;  the  2600  starts  at  $2,500; 
the  3600  starts  at  $2,000. 
www.micronpc.com 

■  Microsoft's  Bluetooth-com- 
patible  keyboard  and  mouse 

will  be  available  across  the  U.S.  by 
November,  the  company  announced 
last  week.  Microsoft's  Wireless 
Optical  Desktop  for  Bluetooth 
includes  a  keyboard,  mouse  and 
transceiver.  A  more  advanced  and 
ergonomic  mouse,  the  Wireless 
IntelliMouse  Explorer  for  Bluetooth, 
will  be  available  separately.  The 
transceiver  connects  to  the  PC  via 
a  USB  connection  and  can  link  it  to 
other  Bluetooth  devices  such  as 
PDAs  and  printers.  Bluetooth  is  a 
short-range  wireless  technology 
that  lets  devices  interact  without 
cables.  A  Bluetooth  mobile  phone 
could  be  used  as  a  modem  for  a  lap¬ 
top  or  a  desktop  PC  linked  wire¬ 
lessly  to  a  printer  in  another  room, 
Microsoft  said.  The  transceiver  has 
a  range  of  up  to  30  feet. 
www.microsoft.com 
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University  goes  gaga  over  Gigabit 


■  BY  PHIL  HOCHMUTH 

CLEVELAND  —  Gigabit  Ethernet  is 
going  to  school  at  Case  Western  Reserve 
University  —  right  down  to  each  class¬ 
room  seat,  in  some  cases. 

The  Cleveland  university  recently  up¬ 
graded  its  network  with  approximately 
16,000  Gigabit  Ethernet  desktop  ports 
across  campus.  Faculty  and  students 
now  can  hold  videoconferences,  access 
resources  such  as  multimedia  materials 
or  conduct  distance-learning  programs. 

“We’re  taking  IP  to  a  new  level  as  a 
learning  tool  with  these  huge  [net¬ 
work]  pipes,”  says  Dr.  Lev  Gonick,  CTO 
at  Case  Western. 

The  new  centerpiece  of  the  campus  is 
the  $61.7  million  Peter  B.  Lewis  Build¬ 
ing,  the  new  home  to  the  university’s 
Weatherhead  School  of  Management. 
The  building,  designed  by  Frank  Gehry, 


offers  something  for  both 
the  aesthetically  minded 
and  the  technically  in¬ 
clined:  outside,  a  flowing 
exterior  of  steel,  glass  and 
concrete  is  hard  to  miss; 
inside,  1 ,400  Gigabit  Ether¬ 
net  ports  are  located 
throughout  facility’s  offices 
and  10  classrooms,  which 
also  are  equipped  with  the 
latest  sound  and  video 
technologies. 

Weatherhead  students, 
outfitted  with  Gigabit- 
enabled  Dell  laptops  from 
the  school,  can  plug  into  their  own 
lOOOBase-T  Gigabit  Ethernet  ports  at 
each  classroom  seat.  Students  use  these 
high-speed  links  to  access  resources 
such  as  multimedia  case  studies  used  in 
classes,  and  conducting  interactive 


whiteboard  and  other 
high-bandwidth  appli¬ 
cations  with  other  stu¬ 
dents  over  the  network. 
The  fast  links  also  let 
Weatherhead  conduct 
distance-learning 
courses  with  full-mo¬ 
tion  videoconferencing 
and  online  collabora¬ 
tion  programs,  such  as 
Blackboard,  according 
to  Gonick. 

In  addition  to  the  all- 
Gigabit  building,  the  uni¬ 
versity  recently  rolled 
out  Gigabit  Ethernet  to  14,000  desktop 
ports  at  two  other  colleges  on  the  cam¬ 
pus.  While  the  Lewis  Building  project  let 
the  network  be  built  right  along  with  the 
building,  Case  Western’s  IT  staff  and 
See  Gigabit,  page  18 


Lev  Gonick,  CTO  at  Case 
Western  Reserve  University, 
directed  the  school's  up¬ 
grade  from  ATM  to  Gigabit 
Ethernet. 
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Start-up  secures 
stored  net  data 

■  BY  JENNIFER  MEARS 

REDWOOD  CITY  CALIF —  Businesses  looking  for  ways  to  pro¬ 
tect  data  in  networked  storage  arrays  might  be  interested  in  a 
start-up  that  has  unveiled  appliances  designed  to  encrypt  and 
decrypt  storage  data  without  hurting  network  performance. 

The  company,  called  Decru.was  founded  in  April  2001  by  Dan 
Avida,  formerly  CEO  and  co-founder  of  Electronics  for  Imaging, 
and  Serge  Plotkin,an  associate  professor  of  computer  science  at 
Stanford  University  The  company  has  secured  $43  million  in 
funding  from  investors  that  include  Benchmark  Capital, Greylock 
and  ln-Q-Tel,the  venture  capital  arm  of  the  CIA. 

The  company  came  out  of  stealth  mode  last  week  with  a  pair 
of  appliances  that  fit  into  storage-area  network  (SAN)  and  net¬ 
work-attached  storage  (NAS)  environments.The  DataFort  E440  is 
for  file-based,  or  NAS,  deployments  and  has  two  Gigabit  Ethernet 
ports.  The  DataFortFC440  is  designed  for  block-based,  or  SAN, 
architectures  and  has  two  Fibre  Channel 
ports.  Available  now,  the  appliances  range 
from  $30,000  to  $40,000. 

The  appliances  are  deployed  between  a 
LAN  and  file  servers,  and  require  no 
See  Decru,  page  18 


McData  adds  switch 
for  workgroup  storage 

■  BY  DENI  CONNOR 

BROOMFIELD,  COLO.  —  McData  is  expected  to  introduce  a 
new  low-end  24-port  switch  this  week  for  customers  looking  to 
support  distributed  workgroup  storage-area  networks. 

The  Sphereon  4500  is  one  of  the  company’s  smallest  switches 
to  date  and  fills  in  a  gap  at  the  low-end  of  its  product  line.  McData 
also  manufactures  16-  and  32-port  Sphereon  switches,  and  direc¬ 
tor-level  switches  with  as  many  as  140  ports. 

The  Sphereon  4500,  a  1U  (1.75  inches)  high  2G  bit/sec  switch, 
uses  a  reduced-feature  management  package  called  SANpilot, 
which  is  based  on  its  SAN  Navigator  director-level  management 
product.  The  switch  has  redundant  and  hot-pluggable  fans  and 
power  supplies. 

Analysts  say  McData’s  switch  is  aimed  at  helping  it  compete 
more  effectively  against  others  such  as  Brocade  and  Cisco. 

“McData  is  trying  to  take  market  away  from  Brocade  while  they 
have  the  opportunity  to  do  so,”  says  Jamie 
Gruener,  senior  analyst  with  The  Yankee 
Group.  “This  is  McData’s  first  aggressive- 
entry-level  switch  targeted  at  the 
workgroup.” 

See  McData,  page  18 
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The  Peter  B.  Lewis  Building  at  Case  Western  Reserve  University  provides 
students  with  Gigabit  connections  to  each  classroom  seat,  letting  students 
view  multimedia  presentations  and  share  programs  over  the  network. 


Cisco  Catalyst 
4006  switch 


Cisco  Catalyst 
4006  switch 


Cisco  Catalyst 
6509  switches 


O  Students  are  outfitted  with  Dell 
laptops  with  Netgear  fiber- 
based  Gigabit  Ethernet  cards. 
1,400  Gigabit  ports  are 
available  throughout  the 


Classrooms 


©  Cisco  switches  in  the  wiring 
closets  and  in  the  core 
aggregate  desktop  connections 
and  pass  data  on  to  the  10G 
Ethernet  backbone. 


Gigabit  Ethernet 
(lOOOBaseT) 

10G  Ethernet 


(lOGBaseLX) 
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continued  from  page  17 

Sprint,  the  school’s  equipment  integra¬ 
tor,  had  a  bigger  challenge  in  upgrading 
the  old  campus  network. 

The  school’s  backbone  was  based  on 
ATM  gear  from  FORE  Systems  and,  at 
one  time, supported  25M  bit/sec  ATM  to 
every  desktop  on  campus. 

“Back  in  1988  and  1989,  this  was  the 
first  school  to  get  out  and  really  provide 
Internet  connectivity  to  all  faculty  stu¬ 
dents  and  staff,” Gonick  says.“At  the  time, 
they  bet  on  fiber  and  ATM.  Those  were 
the  wrong  bets  to  make.” 

Until  recently,  to  network  the  school’s 
Ethernet-based  PCs,  a  modem-sized 
ATM-to-Ethernet  transceiver  was  re¬ 
quired,  which  plugged  into  fiber  wall 
jacks  and  connected  to  PCs  with  copper. 

When  Gonick  became  CTO  more  than 
a  year  ago,  he  says  his  first  inclination 
was  to  rewire  the  campus  with  10/1 00M 
bit/sec  Ethernet  via  Category  5e  cabling, 
but  he  decided  to  tap  the  5,000  miles  of 
fiber  on  campus  instead. 

"We  could  have  spent  millions  to  pull 
out  all  the  fiber  and  replace  it  with 
(Category  5e],but  we  decided  we  could 
get  another  seven  years  of  use  out  of  the 
fiber” Gonick  says. 

With  fiber-optic  network  interface 
cards  now  costing  about  $200,  Gonick 


says,  the  school  upgraded  its  faculty  and 
staff  with  new  Dell  PCs  fitted  with 
lOOOBase-SX  cards  from  Netgear,  giving 
each  desktop  a  full  1000M  bit/sec 
switched  connection  to  the  backbone. 

Eight  Cisco  Catalyst  6590  switches  in 
the  core  aggregate  the  Gigabit  traffic 
from  dozens  of  Catalyst  6509, 4006  and 
4003  switches  at  the  distribution  layer 
and  in  wiring  closets  around  campus. 
The  backbone  is  a  mixture  of  Gigabit 
Ethernet  and  10G  Ethernet  links,  all 
using  single-mode  fiber. 

Gonick  says  the  network  at  Case  Wes¬ 
tern  is  just  the  beginning  of  a  larger  met¬ 
ropolitan-area  network  (MAN)  scenario, 
involving  several  other  institutions 
throughout  Cleveland. 

During  the  next  several  months, 
Gonick  will  work  with  the  city  schools 
and  libraries  and  Cleveland's  network 
of  other  universities  and  hospitals  to 
deploy  a  10G  dense  wavelength  divi¬ 
sion  multiplexing  network  over  a  pair 
of  dark  fiber  strands  the  city  has 
acquired.  The  MAN  would  be  con¬ 
nected  to  the  Internet  via  the  univers¬ 
ity’s  (X>18  SONET  pipe. 

“The  goal  is  to  make  Cleveland  the 
first  metro  area  in  the  country  to  a 
leverage  very-high-bandwidth  network 
infrastructure  [and  provide]  broad¬ 
band  to  90%  of  the  community  by 
2010,”  Gonick  says.  ■ 


Intel  puts  security  on  net  chip 


■  BY  SUMNER  LEMON 

Intel  last  week  released  the  1XP2850,  a 
network  processor  that  combines  packet 
processing  capabilities  with  integrated 
encryption  and  data-integrity  features  on 
a  single  piece  of  silicon  to  reduce  power 
consumption  and  space  requirements. 

Designed  for  applications  such  as  VPNs 
and  storage-area  networks,  the  IXP2850 
can  handle  applications  such  as  load-bal¬ 
ancing  among  multiple  Web  servers,  and 
process  encryption  and  data  integrity 


standards  such  as  Data  Encryption 
Standard,  Advanced  Encryption  Standard 
and  SHA-1  at  speeds  up  to  10G  bit/sec, 
Intel  says. 

The  IXP2850  is  part  of  Intel’s  IXP2800 
family  of  network  processors,  which  is 
based  on  the  company’s  Xscale  processor 
architecture  and  designed  for  use  in  high- 
capacity  routing  and  switching  equip¬ 
ment  at  the  core  of  a  large  network. 

Lemon  is  a  correspondent  with  the  IDG 
News  Service's  Taipei  bureau. 


Decru 

continued  from  page  17 

changes  in  network  setup,  says  Avida, 
Decru’s  president  and  CEO.  The  devices 
use  a  hardware  engine  to  encrypt  and 
decrypt  data  at  wireline  speeds  and  use 
256-bit  key  Advanced  Encryption  Stan¬ 
dard  encryption. 

Users  can  configure  the  DataFort  to  en¬ 
crypt  specific  data,  and  the  device  can 
hook  into  existing  directories  to  set 
authentication  rules  to  restrict  access  to 
data  based  on  user  ID.  That  lets  groups 
within  an  organization  share  storage  infra¬ 
structure,  but  ensure  that  their  particular 
data  is  protected,  Avida  says. 

Today,  most  companies  protect  the 
perimeter  of  their  networks,  but  leave  stor¬ 
age  at  the  core  vulnerable,  Avida  says.  He 
points  to  statistics  from  RBC  Capital 
Markets  that  show  that  the  majority  of 
hacker  attacks  originate  from  inside  an 
organization. 

“We  think  the  perimeter  defense  is  no 
longer  good  enough,”  Avida  says. 

Users  seem  to  agree. 

Greg  McGrath  Sr.,  director  of  IT  for 
Incyte  Genomics,  a  biotechnology  firm 
in  Palo  Alto,  says  he  is  looking  for  a  way 
to  better  secure  his  SAN  and  NAS  stor¬ 
age.  Incyte  has  been  beta-testing  the 
DataFort  appliance  to  secure  its  NAS 
installation. 

“Our  security  model  had  been  the 
hard  outer  shell  where  we’re  very  pro¬ 
tected  against  people  trying  to  come  in 


Decru's  DataFort  appliance  can  encrypt  and 
decrypt  stored  data. 


through  the  Internet,”  McGrath  says.“But 
once  you’re  part  of  the  internal  network, 
security  is  pretty  loose.  People  could  get 
on  machines  and  cruise  around 
pretty  easily. 

“Why  a  device  like  this  is  really  useful  is 
because  there  is  a  lot  of  internal  corpo¬ 
rate  data  that  we  want  to  secure,  whether 
financial  or  human  resources  —  the  more 
secure  the  better,”  he  says. 

He  says  the  product  was  easy  to  install 
and  hasn’t  been  tough  to  manage. 

Analysts  say  Decru  is  facing  competitors 
such  as  Neoscale  and  Vormetric,  which 
also  focus  on  storage  security,  an  issue 
that’s  gaining  greater  importance  as  com¬ 
panies  move  from  direct-attached  archi¬ 
tectures  to  distributed  environments. 

“In  the  past,  storage  was  a  closed  envi¬ 
ronment,”  says  Jamie  Gruener,  senior 
analyst  with  The  Yankee  Group.  “But  as 
you  add  network  protocols  there  is  a 
growing  need  for  better  security.  There 
are  a  host  of  vendors,  including  Decru, 
that  have  a  good  start  in  terms  of  being 
able  to  provide  security  tools  that  would 
allow  you  to  deal  with  these  issues 
head  on.”B 


McData 
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Cisco  has  improved  its  SAN  offerings 
over  the  past  year  by  buying  or  investing 
in  start-up  companies  such  as  Andiamo 
Networks  and  the  storage-virtualization 
vendor  StoreAge  Networking  Technol- 
ogies.The  network  giant  also  has  added  its 
own  storage  router  and  Fibre  Channel 
products. 

As  the  SAN  market  is  becoming  in¬ 
creasingly  competitive,  the  cost  of  Fibre 
Channel  switches  is  falling.  McData  says 
that  its  24-port  Sphereon  is  more  than 
half  the  cost  of  other  comparable  gear.  A 


McData's  Sphereon  4500  is  1.75  inches  high 
and  is  aimed  at  workgroup  users. 


24-port  Sphereon  starts  at  $22,000,  com¬ 
pared  with  $50,000  for  other  brands. 

In  2001,  McData  held  91%  of  the  Fibre 
Channel  director-level  ports  market  by 
revenue,  while  Brocade  had  93%  of  the 
low-end  to  midrange  Fibre  Channel 
switch  market,  according  to  1DC. 

The  Sphereon  4500  is  available  now. 

McData:  www.mcdata.com 


Embedding  Security  Into  the  Network 

The  New  Strategy  for  Protecting  Your  E-business 

Cisco's  Integration  of  Security  into  Catalyst  Series  Switches  Blends  Scalability  with  Proven  Security  Solutions 


What  is  the  risk  of  poor  network  security  to  your  business?  An  average  of  nearly  US  $2  million  per  year,  as  reported  by  respondents 
to  a  recent  2002  survey  by  the  U.  S.  Federal  Bureau  of  Investigation  (FBI).  Threats  to  network  security  are  a  continuous  and  complex 
challenge  for  your  business. These  threats  will  continue  to  grow— and  new  threats  will  emerge— as  your  networks  become  more  open, 
extend  to  more  locations,  enable  more  applications,  and  support  new  technologies  such  as  mobility  and  IP  telephony. 


The  changing  demands  on  network  security  can  already  be  seen  in  the  rising 
number  of  computer  breaches.  In  the  CSI/FBI’s  2002  Computer  Crime  and 
Security  Survey ,  90  percent  of  respondents  (primarily  large  corporations  and 
government  agencies)  detected  computer  breaches  within  twelve  months, 
with  80  percent  acknowledging  financial  losses  due  to  these  breaches. 

While  still  a  critical  part  of  an  overall  security  solution,  firewalls  and  other 
standalone  network  security  products  are  no  longer  adequate  when  deployed 
in  isolation  for  protecting  your  network  from  internal  and  external  attacks. 
Both  network  and  security  professionals  are  discovering  that  today’s  net¬ 
works  need  a  new,  comprehensive  approach  to  security,  one  in  which  multi¬ 
ple  security  components  overlap  each  other  in  a  flexible,  layered  solution. 

Cisco  Systems  is  leading  the  industry  by  delivering  a  new  generation  of  solu¬ 
tions  for  comprehensive  embedded  network  security:  a  set  of  five  new  mod¬ 
ules  that  will  integrate  essential  security  functions  on  the  Cisco  Catalyst 
6500"  Series  of  multilayer  switches.  Individual  modules  provide  multigigabit 
performance  for  firewall,  intrusion  detection,  secure  sockets  layer  (SSL)  pro¬ 
cessing,  network  analysis  management,  and  virtual  private  network  (VPN) 
capabilities.  These  modules  add  to  the  services  for  increased  business 
resilience  and  availability  brought  to  Catalyst  switches  by  the  existing 
Content  Switching  Module  (CSM).  By  supporting  a  comprehensive  choice  of 
security  functions,  the  Cisco  Catalyst  6500  Series  modules  enable  the  modu¬ 
lar,  flexible  deployment  of  scalable  security  necessary  to  your  vital  networks, 
applications,  and  business  operations. 


Why  Embedded,  Integrated  Security? 

Embedded  security  services  are  deployed  and  implemented  throughout  the 
network;  from  edge  to  network  edge,  from  campus  core  to  branch  to 
mobile  teleworker.  Integrated  security  means  multiple  security  devices  are 
implemented  in  networking  systems  such  as  routers  and  switches.  These 
networking  systems  may  already  be  deployed  in  the  network,  or  may  be 
new  greenfield  deployments.  Security  service  examples  include  firewalls 
VPN  and  IDS. 

There  are  many  sound  reasons  to  adopt  an  integrated  design  for  network 
security,  including: 

•  The  expanding  variety  and  volume  of  network  threats,  which  can  only  be 
addressed  by  a  “defense-in-depth”  strategy,  supported  by  multiple  and 
cohesive  security  components. 

•  Yesterday’s  security  products  were  designed  for  private,  “closed”  networks 
with  a  limited  number  of  connections  to  other  networks.  Today’s  networks 
have  hundreds,  and  sometimes  thousands  of  interconnections  to  other  net¬ 
works — requiring  security  products  that  can  support  many  different  net¬ 
work  designs. 

•  As  networks  continue  to  grow  and  change,  the  security  design  must  keep 
pace — transparently — while  enabling  your  network  to  continually  deliver 
the  required  scalability  and  performance. 

•  Embedded  security  supports  the  smooth  functioning  of  your  entire  e-busi¬ 
ness  infrastructure,  assuring  that  security  functions  do  not  become  a  hin¬ 
drance  to  sales  and  other  online  activity. 


About  the  Cisco  Catalyst  6500  Series  Switches 


Cisco  Catalyst  6500  Series  Switches  deliver  highly  available,  secure,  and  converged  network  services  for  enterprise  and  service  provider  networks. 
These  switches  support  gigabit  scalability,  high  availability,  rich  services,  and  multilayer  switching  in  backbone,  distribution,  and  wiring  closet 
topologies  as  well  as  data  center  environments. The  Catalyst  6500  Series  also  offers  exceptional  scalability  and  value  by  supporting  a  wide  range 
of  interface  densities,  performance,  and  integration  of  powerful  services  modules. 

By  combining  superior  control-plane  and  packet-forwarding  scalability  with  a  rich  set  of  intelligent  services,  the  Catalyst  6500  Series  gives  enterpr 
es  a  foundation  for  converged  voice/video/data  networks  and  e-commerce  services. 
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•  Network  operations  and  management  are  simpler  with  embedded  security, 
with  the  associated  benefits  of  lower  costs.  There  are  also  fewer  devises  to 
install,  configure  and  manage. 

•  A  comprehensive,  embedded,  and  integrated  security  design  is  more  com¬ 
patible  with  initiatives  for  new,  interconnected  network  technologies  such 
as  VPNs,  wireless,  and  IP  telephony. 

All  points  of  the  network  are  vulnerable  to  attack,  therefore  security  must  be 
present  everywhere  to  provide  effective  countermeasures,  the  most  scalable 
and  cost-effective  defense  is  to  embed  security  throughout  the  network  infra¬ 
structure  —  on  routers,  switches  and  other  network  devices  —  complementing 
dedicated  security  appliances  deployed  for  security  hot  spots. 

True  integration  means  more  than  simple  interoperability  among  security 
components;  network  security  requires  a  comprehensive  design.  The  SAFE 
Blueprint  from  Cisco  gives  businesses  of  all  sizes  a  comprehensive  set  of  best 
practices  for  creating  a  secure,  defense-in-depth  network.  The  integrated 
security  modules  for  Cisco  Catalyst  6500  Series  switches  can  be  deployed 
according  to  the  principles  of  SAFE,  assuring  a  good  fit  into  your  overall 
network  architecture  and  security  strategy. 

Where  is  the  logical  point  for  integrating  security  capabilities?  In  the  net¬ 
work  infrastructure.  The  campus  switch  enables  several  advantages  because 
of  its  key  role  in  the  network  infrastructure.  These  advantages  include: 

•  Higher  performance  of  security  functions  without  any  degradation  of 
switch  performance 

•  Increased  network  flexibility,  scalability,  and  availability 

•  Reduced  overall  cost  of  network  ownership,  through  the  ability  to  leverage 
existing  switches  to  run  security  services 

•  Seamless  converged  networks  with  the  switch  carrying  voice,  video  and 
data  traffic  while  running  security  switches 

•  Increased  collaboration  among  networking  and  security  operations,  a  critical 
requirement  for  defense  against  today’s  increasingly  sophisticated  attacks 


Integrating  Security  with  Cisco  Catalyst  6500 

Series  Switches 

The  Catalyst  6500  Series  security  modules  will  support  two  configurations: 

•  Multiple  security  functions  on  a  single  switch,  through  the  installation  of 
the  appropriate  modules. 

•  Dedicated  and  enhanced  processing  of  a  single  security  function,  such  as 
intrusion  detection,  through  installation  of  multiple  modules  of  the  same 
type  in  a  single  switch. 


Figure  1. 

For  an  extranet,  the  Catalyst  modules  can  replace 
standalone  security  devices. 
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Cisco  Catalyst  6500  Series 

Services  Modules 

Description 

Firewall  Services  Module 

Implements  firewall  protection  with  up  to  OC-48  or  5  Gbps  aggregate  throughput  and  support 
for  up  to  1  million  concurrent  secure  connections. This  module  is  based  on  the  award-winning 
Cisco  PIX®  Firewall  technology. 

Secure  Sockets  Layer  (SSL)  Services  Module 

Secures  Web  transactions  and  offloads  web  servers  with  support  for  up  to  60,000  concurrent  con¬ 
nections  and  up  to  4,000  new  connections  per  second. 

IP  Sec  VPN  Services  Module 

Provides  secure,  gigabit-rate  VPN  termination  and  traffic  encryption  to  connect  remote  offices  and 
mobile  users. 

Network  Analysis  Module  (NAM) 

Monitors  network  activity  in  a  gigabit  environment,  with  a  Web-based  traffic  analyzer  to  quickly 
identify  potential  security  threats  in  the  application  layer. 

Content  Switching  Module  (CSM) 

With  a  full  set  of  Layer  4-7  features,  the  Content  Switching  Module  (CSM)  integrates  advanced 
content  switching  into  the  Catalyst  6500  Series  to  provide  high-performance,  high-availability 
load  balancing  of  firewalls,  web  servers,  caches,  and  other  network  devices. 

Intrusion  Detection  System  (IDS)  Module 

Processes  network  traffic  directly  from  the  switch  backplane  to  detect  and  mitigate  network  intrusions. 

Do  Standalone  Security  Devices  Still  Have  a  Role  in  Your  Network? 


Although  the  arguments  are  compelling  for  moving  to  an  integrated  security  design,  standalone  security  devices  still  have  a  role  in  many  networks. 
A  standalone  device,  such  as  a  firewall,  VPN  or  IDS  appliances  may  be  just  the  right  solution  for  a  specific  site  or  specialized  application. The  SAFE 
Blueprint  offers  guidance  for  choosing  between  integrated  and  standalone  devices  to  meet  specific  security  needs. 

Some  factors  to  consider  when  choosing  an  appliance  or  an  integrated  security  system: 

•  Cost  -  an  integrated  system  may  have  a  lower  total  cost  of  ownership;  especially  if  deployed  as  an  upgrade  to  an  existing  device 

•  Performance  -  the  price  performance  required  may  direct  you  to  choose  an  integrated  stand  alone  solution 

•  Control  -  A  stand  alone  device  managed  by  your  SecOps  team  may  provide  the  primary  control  of  security  policy 
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All  modules  are  based  on  Cisco's  powerful  Node  Switch  Processor  (NSP) 
technology,  which  supports  greater  performance,  flexibility,  and  functionality 
than  competitive  products  based  on  application  specific  integrated  circuit 
(ASIC)  technology. 

The  Catalyst  6500  Series  security  modules  can  be  managed  by  Cisco  net¬ 
work  management  products  as  well  as  selected  applications  from  Cisco 
ecosystem  partners.  The  integrated  security  design  for  the  Catalyst  6500 
Series  is  compatible  and  interoperable  with  standalone  security  appliances 
from  Cisco,  including  Cisco  PIX  Firewalls,  Cisco  Intrusion  Protection  prod¬ 
ucts,  Cisco  routers,  Cisco  VPN  appliances  and  Cisco  content  switches. 

Figure  1  shows  a  vendor  extranet  that  replaces  separate  devices  for  firewall 
and  intrusion  detection  with  the  appropriate  modules  on  a  Catalyst  6509 
switch.  In  this  example,  the  enterprise  can  eliminate  the  costs  and  manage¬ 
ment  burden  of  separate  devices  while  realizing  greater  operational  efficiency 
and  return  on  investments  in  the  Catalyst  6500  Series  switches. 

Will  Security  Processing  Impact  Switch  Performance? 

Given  the  ever-growing  traffic  volumes  and  demands  for  switch  services, 
network  managers  may  be  wary  about  adding  new  functions  to  a  campus 
switch.  Security  functions  require  high  processing  capabilities,  leading  to  a 
concern  about  their  impact  on  switch  performance.  Cisco  has  addressed  this 
concern  by  developing  security  modules  that  no  longer  require  tradeoffs  in 
network  performance  for  increases  in  security.  The  newly  released  Cisco 
Catalyst  6500  security  modules  offer  the  fastest  performance  available  today 
for  security  throughput,  assuring  no  significant  impact  on  switch  performance. 

From  a  network  manager’s  perspective,  additional  advantages  of  security 
integration  include: 


•  An  enhanced  networking  solution  through  integration  of  a  high-perform¬ 
ance  Catalyst  6500  Series  switch  with  market-leading  security  technology 

•  Protection  of  investments  in  Catalyst  and  NSP  technologies  with  no  com 
promise  in  security  functions  or  network  performance 

•  Easy  integration  into  existing  Cisco  Catalyst  6500  Series  switches 

•  Scalable  and  flexible  design  for  adding  security  functions  as  needed 

•  Tighter  integration  of  security  with  network  services  such  as  traffic  polic¬ 
ing  and  shaping 

Why  Should  I  Place  Security  Functions  in  the 
Campus  Switch? 

A  natural  concern  of  security  managers  is  that  integrating  security  functions 
at  a  single  point — the  campus  switch — presents  a  risk  in  itself.  Yet  the 
advantages  of  integration  present  a  strong  case  for  making  the  shift  from 
standalone  devices.  For  a  security  manager,  the  advantages  of  integration 
include: 

•  A  modular  design  that  enables  high  scalability  and  significantly  reduced 
costs,  operational  complexity,  and  management  burden  compared  to 
standalone  devices 

•  Security  services  that  are  adaptable  to  a  wide  range  of  network  topologies, 
including  new  voice  and  mobility  deployments,  through  integration  of 
diverse  security  modules 

•  Security  modules  deliver  performance  significantly  higher  than  the  levels 
offered  by  standalone  devices 

•  Performance  of  discrete  security  functions  can  be  increased  by  installing 
multiple  modules  of  a  single  type  (e.g.,  firewall) 

•  Network  growth  and  change  can  be  accommodated  easily  by  adding  new 
modules,  as  an  alternative  to  adding  standalone  devices 

Choosing  an  Integrated  Security  Solution 

Cisco’s  embedded  approach  to  network  security  reflects  networking  leader¬ 
ship  that  will  enable  your  business  to  more  effectively  meet  security  needs 
today  and  well  into  the  future.  Cisco  is  the  only  vendor  currently  offering  an 
integrated  design  and  campus  switch  modules  for  all  essential  aspects  of  net¬ 
work  security.  Together,  the  Cisco  Catalyst  6500  Series  switches  and  inte¬ 
grated  security  modules  deliver  an  outstanding  solution  for  campus 
networking  and  embedded,  integrated  network  security. 


Listen  to  Cisco  switching  and  security  experts 
discuss  how  embedded  security  can  help  protect 
YOUR  network. 

www.cisco.com/go/securitytechtalk 

For  More  Information: 

Cisco  Catalyst  6500  Series:  www.cisco.com/go/Catalyst6500 
SAFE  Blueprint:  www.cisco.com/go/safe 
Security:  www.cisco.com/go/security 
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Cisco  Systems  and  WebEx:  Extending  Integrated  Network  Security  with  the  Catalyst  6500  Series 
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Cisco  customer  WebEx  Communications,  Inc.  has  been  using  the  new  firewall,  VPN,  and  SSL  modules  for  the  Cisco  Catalyst  6500  series.  "Our  testing 
of  the  firewall  module  has  shown  significantly  faster  sustained  throughput  than  any  other  device  we  have  found  with  similar  functionality,"  said 
Hesham  Essa,  Manager  of  Network  Engineering  for  WebEx.  This  higher  level  of  firewall  performance  will  enable  WebEx  to  deploy  their  firew ,  A 
more  efficiently,  an  important  consideration  for  this  operator  of  a  large,  global  communications  network. 

Headquartered  in  San  Jose,  California,  WebEx  provides  interactive  conferencing  services  over  the  telephone  or  Web.  These  services  are  st 
ed  by  a  Cisco  AVVID  (Architecture  for  Voice,  Video  and  Data)  network  that  integrates  voice,  video,  and  data  for  enterprise  activities  such  as  - 
ings,  presentations,  training,  and  collaboration. 
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Toshiba),  the  non-Exchange-related  spon¬ 
sors  far  outweighed  those  with  an  Ex¬ 
change  perspective.  Brands  well  known 
from  this  column  and  my  newsletters 
(Aelita,  BMC  Software,  Citrix,  NetlQ  and 
Quest)  were  well  represented.  That’s 
good,  because  Microsoft  hasn’t  given 
infrastructure  software  the  trade  show/ 
conference  support  it  really  needs.  It  has 
been  an  extra  at  TechEd,  nonexistent  at 
HEC  and  —  until  now  —  simply  nodded 
at  during  MEC.  That’s  changed,  and 
changed  for  the  better. 

There  are  a  number  of  rumors  swirling 
about  the  future  of  MEC  with  some  saying 
it  will  be  killed  off  and  its  better  parts 
folded  into  TechEd.  Others  are  just  as 
vehement  that  MEC  will  continue  as  the 
infrastructure  (including  Exchange)  con¬ 
ference  while  TechEd  focuses  even  more 
on  developers. 

Before  the  conference  I’d  heard  lots  of 
rumors  that  this  would  be  the  final  MEC, 
but  that  appears  to  have  been  disingenu¬ 
ous  talk  by  those  with  an  Exchange  ax  to 
grind.  What  those  folks  have  to  realize  is 
that  an  infrastructure-related  MEC  can 
cover  Exchange  as  well  as  it  ever  did  while 
expanding  to  take  in  other  directory- 
related  and  management-related  tasks. 

The  show  was  well  done,  with  the  possi¬ 
ble  exception  of  the  food  quality.  It’s  my 
impression  that  TechEd  has  better  food  — 
but  that  might  simply  be  a  reflection  on 
the  Anaheim  Convention  Center’s 
kitchens.  Microsoft  could  also  squeeze  in 
a  few  more  “break  out"  timeslots  while 
reducing  the  extensive  marketing  in  the 
keynote  addresses.  Rather  than  two  two- 
hour-plus  keynotes,  three  or  four  one-hour 
sessions  might  be  better. The  first  two  days 
of  the  conference  allowed  only  a  single 
morning  breakout  session  each  —  that’s 
not  what  attendees  spending  up  to  $1,700 
should  expect. 

On  the  other  hand,  the  quality  of  the 
breakout  sessions  was  uniformly  good  in 
my  experience. This  is  a  show  to  watch  — 
it  could  be  a  better  use  of  your  training 
dollars  (especially  for  network  managers) 
than  TechEd  in  the  years  to  come. 


■  spent  the  week  before  last  at  the 
Microsoft  Exchange  Conference  in 
Anaheim,  Calif. This  is  a  show  I’d  paid 
scant  attention  to  in  the  past,  but  the  for¬ 
mer  conference  has  evolved  quite  a  bit 
into  an  “infrastructure”  event  —  packed 


with  Active  Directory-related  information 
and  sponsored  by  a  number  of  directory- 
related  vendors  and  management-tool 
suppliers. 

Besides  the  usual  hardware  sponsors 
(Cisco,  Dell,  Hewlett-Packard,  IBM  and 


The  Microsoft  Exchange  Conference  evolution 


Analysis,  Monitoring,  Security 
Delivered  by  our  Experts. 


AiroPeek  NX  and  EtherPeek  NX” 

Real-Time  Expert  Packet  Analysis 


EtherPeek  NX  -  Network  Magazine's  Product  of  the  Year,  May  2002 
AiroPeek  NX  -  Network  Computing's  Editor's  Choice,  May  2002 
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Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
Silicon  Valley.  He  can  be  reached  at 
wired@quill.  com. 


Tip  of  the  Week 


The  SANS  Institute,  in 
conjunction  with  the  FBI, 
publishes  a  list  of  the  top  20 

Internet  security  vulnerabili¬ 
ties  (www.sans.org/top20/). 
Conf  igursoft  wants  to 
remind  you  that  most  vul¬ 
nerabilities  involve  miscon- 
figured  systems.  Time  to 
review  your  configurations! 


Tripwire  is  The  Data  Integrity  Assurance  Company 


Tripwire®  establishes  a  baseline  of  data  in  its  known 
good  state,  monitors  and  reports  any  changes  to 
that  baseline,  and  enables  rapid  discovery  and 
recovery  when  an  undesired  change  occurs. 

Foundation  for  Data  Security 

■  Ensure  the  integrity  of  your  data 

■  Instant  assessment  of  system  state,  reporting 
“integrity  drifts” 


Your  firewalls  and  intrusion  detection  tools  alone 
are  not  enough  to  keep  systems  trustworthy. 
Tripwire's  data  integrity  assurance  products  are  the 
only  way  to  know  with  100%  confidence  that  your 
data  remains  uncompromised.  For  nearly  10  years 
Tripwire  has  been  helping  IT  professionals  know 
exactly  what’s  changed  on  their  systems,  and 
helping  them  to  recover  quickly. 


Maximize  System  Uptime 

■  Eliminate  risk  and  uncertainty 

■  Enable  quick  restoration  to  a  desired  state 

Increase  Control  and  Stability 

■  Ongoing  monitoring  and  reporting 

Lower  Costs 

■  Find  and  fix  problems  quickly  and  precisely  - 
no  more  guess  work 


For  a  FREE  30-day  fully-functional 

eval,  call  toll-free:  1.800.TRIPWIRE  (874.7947)  or 
visit  http://networld.tripwire.com  today! 
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THE  DATA  INTEGRITY  ASSURANCE  COMPANY 


©  Copyright  2002.  Tripwire  and  the  Tripwire  logo  are  registered  trademarks  of  Tripwire,  Inc. 


AVAYA  SERVICES 


Secure  your  entire  network. 

Today  complete  security  means  protecting  data  and 
voice,  along  with  everything  else  your  network 
currently  includes.  Having  the  right  firewall  or  even 
securing  your  wireless  LAN’s  and  VPN’s  for  data  is 
just  a  starting  point.  With  the  possibility  of  threats 
like  accessing  stored  voicemails  or  intercepting 
IP  Telephony  traffic  looming  over  your  network,  you 
need  complete  multi-vendor,  multi-technology,  multi¬ 
applications  security  consultancy. 

Protect  all  your  points. 

Introducing  the  Avaya  Enterprise  Security  Practice.  Our 
Security  Consultants  offer  expertise  in  voice,  data,  and 
converged  networks,  with  both  technology  and  vertical 
certifications.  Avaya  helps  secure  Internal  and  external 
points  of  access,  including  IP  Telephony,  Messaging 


and  CRM,  as  well  as  VPN’s,  wireless  LAN’s  and  PBX’s. 
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With  communications 


networks  now  made 


WHICH  PART  OF  YOUR  NETWORK  IS  LEAVING 


YOUR  BUSINESS  OPEN  TO  BREACHES  IN  SECURITY? 


up  of  multiple  inter¬ 
connected  parts,  It’s  no  longer  safe  to  just  protect 
individual  pieces  of  them.  That’s  why  you  need  Avaya, 
the  company  that  can  assess,  develop  policy  and 
design  security  for  your  whole  network. 


Ensure  your  company’s  future. 

Don’t  leave  your  communications  network  unprotected. 
Prepare  for  today’s  rapid  changes  in  network  security 
and  sign  up  for  our  Web  Event  at  avaya.com/secure 
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COMMUNICATION  WITHOUT  BOUNDARIES 
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THE  SECURE 


ENTERPRISE 


Security 

Practical  advice  for 
locking  down  enterprise  nets 


■  Centralized  security  device  management  done  right 

■  Getting  a  fix  on  passwords  and  identity  management 

■  Vulnerability  management  tips  and  tools 
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In  a  world  where  there’s  a  different  kind  of  threat  every  day,  you  need  a  different  kind  of  security. 

New  threats  can  blow  through  any  firewall  or  anti-virus  software.  That's  why  you  need  the  RealSecure*  Protection 
System.  It  dynamically  detects,  prevents  and  responds  to  an  ever-changing  spectrum  of  online  threats  to  your  business. 
RealSecure  protects  your  networks,  servers  and  desktops.  And  it  provides  powerful,  centralized  management  that's 
both  simple  and  cost-effective.  No  matter  who  you're  up  against.  Call  us  at  800-776-2362.  Or  visit  www.iss.net/nww. 
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Event  managers  help  reduce  noise,  especially 
from  intrusion-detection  sensors,  and  provide 
a  centralized  view  into  network  security.  But 
getting  them  to  work  properly  requires  the 
right  touch. 


■  BY  PAUL  DESMOND 

Like  many  large  organiza¬ 
tions,  the  U.S.  Department  of 
Energy  has  individual  secu¬ 
rity  teams  at  about  a  dozen 
major  sites  across  the  coun¬ 
try  Armed  with  a  variety  of 
security  tools,  the  teams  do 
a  good  job  of  protecting  the 
DOE  from  unauthorized 
cyberintruders.  Still,  the 
agency  feels  that  centraliz¬ 
ing  security  device  management 
could  put  an  even  stronger  lock  on  the 
DOE’s  network,  says  Dan  Pitton,  special 
assistant  to  the  CIO  of  the  DOE’s  Environ¬ 
mental  Management  Division. 

To  that  end,  the  agency  has  employed 
e-Security’s  Open  e-Security  Platform,  which 
is  intended  to  aggregate  and  correlate  alerts 
from  multiple, distributed  security  products. 
The  idea  is  to  gain  “situational  awareness,” 
Pitton  says, so  an  administrator  can  identify 
in  real-time  events  such  as  an  attack  from 
the  same  source  IP  address  that  targets  mul¬ 
tiple  DOE  sites  simultaneously. 

“That  is  of  enormous  value  to  us  as 
opposed  to  getting  a  report  that’s  a  week 
old,”  he  says.  “We  can  shut  down  attacks 
before  they  do  any  damage.” 

While  e-Security  began  espousing  the  idea 
of  centralized  security  management  three 
years  ago  with  its  product  introduction,  the 
concept  of  a  security  event  manager  —  also 
known  as  security  information  manager  and 
security  device  manager  —  is  only  now 
gaining  momentum.  A  number  of  compet¬ 
ing  start-ups  have  emerged,  including 


ArcSight,  GuardedNet,  Intellitactics,  Moun¬ 
tain  Wave  (recently  acquired  by  Symantec), 
netForensics, Network  Intelligence  (formerly 
OpenSystems.com)  and  OpenService  (re¬ 
cently  merged  with  Response  Networks). 
Established  players,  notably  IBM  Tivoli,  also 
have  entries  in  the  game. 

DEFINING  THE  CATEGORY 

Products  that  fall  into  this  category  must  do 
three  things,  says  John  Pescatore,  research 
director  for  Internet  security  at  Gartner.  First, 
they  should  monitor  security  devices  from 
multiple  vendors  and  normalize  the  data 
they  churn  out. Normalization  is  no  easy  task, 
given  that  vendors  express  and  report  the 
same  data  differently  An  emerging  Internet 
Engineering  Task  Force  standard  —  the 
Intrusion  Detection  Message  Exchange 
Format  —  promises  help  for  intrusion-detec¬ 
tion  systems  (IDS),  which  are  a  major  source 
of  the  problem,  but  vendors  are  only  now 


Illustrations  by  James  Mellett 


starting  to  comply 

Next,  they  should  aggregate  the  data,  and 
in  the  process  reduce  its  volume  by  weed¬ 
ing  out  multiple  alarms  that  pertain  to  the 
same  event.  Finally  the  products  should  cor¬ 
relate  alarms  coming  from  different  sources, 
to  find  the  most  serious  problems. 

“Most  of  the  products  do  normalization 
and  aggregation/reduction,”  Pescatore  says. 
“They  do  very  little  real  correlation.” 

Still, the  normalization  and  data  reduction 
functions  are  valuable,  especially  for  com¬ 
panies  that  have  at  least  10  to  20  IDS  sen¬ 
sors.  “We  see  most  of  these  products  being 
bought  by  companies  that  are  drowning  in 
IDS  alerts,”  Pescatore  says.“This  market  exists 
because  of  intrusion  detection.”  (See  www. 
nwfusion.com,  DocFinder:  1431  for  the  IDS 
product  review, “Crying  wolf”) 

Pete  Lindstrom,  a  director  with  Hurwitz 
Group,  is  a  bit  more  bullish  in  his  assessment 
of  the  security  event  management  market. 
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“It’s  hot,  it’s  interesting,  it’s  important,”  he  says. 

But  nobody  is  willing  to  suggest  that  a  se¬ 
curity  event  manager  will,  on  its  own,  point 
out  intrusions  as  they  happen.  As  with  IDS 
and  other  existing  tools,  experienced  secu¬ 
rity  professionals  need  to  write  the  rules 
that  help  the  systems  pinpoint  events  that 
indicate  a  serious  security  breach. 

“The  question  is,  does  the  tool  help  you 
pick  out  patterns?"  Lindstrom  says.“lt’s  got  to 
help  you  do  that.Then  you  can  start  looking 
for  relationships,”  and  writing  effective  rules. 

Mark  Milatovich,  director  of  information 
security  for  application  service  provider 
Corio,  is  using  the  ArcSight  platform,  which 
he  says  can  recognize  a  port  scan  and 
reduce  it  to  one  alert.  A  network  IDS,  on  the 
other  hand,  might  generate  hundreds  of 
alerts  from  a  port  scan.  A  customer  could 
then  build  in  an  additional  rule  to  have  Arc- 
Sight  trigger  an  alert  when  it  detects  a  port 
scan  happening  on  two  IDSes,  signaling  a 
potentially  dangerous,  distributed, slow  scan. 

“We’re  really  excited  about  it.  It  represents 
a  critical  piece  of  our  overall  security  mo¬ 
del,”  Milatovich  says. 

Such  features  are  even  more  valuable 
when  tied  to  vulnerability-assessment  data, 
Lindstrom  says.  In  that  case,  the  tool  can 
alert  users  when  an  attack  is  launched 

The  events  business 

IDC  projects  steady  gains  in  the  worldwide 
market  for  security  event  correlation 
management  products. 
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against  a  system  that  is  indeed  vulnerable  to 
the  type  of  attack  under  way  Conversely  the 
platform  would  be  smart  enough  to  ignore 
attacks  against  systems  that  were  not  vul¬ 
nerable  to  the  type  of  attack  in  question. 
(See  story  on  vulnerability-management 
tools,  page  12.) 

“That’s  not  really  working  in  these  prod¬ 
ucts,”  says  Pescatore,  noting  that  he  doesn’t 
expect  the  products  to  come  close  to  ad¬ 
dressing  such  issues  until  the  end  of  2003. 

DOE’S  BIG  BET 

In  the  meantime,  customers  appreciate 
the  benefits  the  platforms  already  deliver. 

While  each  DOE  site  has  its  own  firewalls, 
IDSes  and  the  like,  the  organization  has 
more  than  1,000  licenses  for  the  RealSecure 
IDS  from  Internet  Security  Systems  (ISS).So 
the  DOE  is  focusing  initially  on  collecting 
alerts  from  those  IDSes,  Pitton  says. 

In  phase  one,  which  ran  from  early  June 
through  August,  ISS  sensors  located  in  three 
buildings  within  the  DOE  headquarters 
complex  fed  event  data  into  a  central 
e-Security  platform. Now  in  phase  two, which 
will  run  through  year-end,  the  DOE  is  adding 
event  data  feeds  from  Environmental  Man¬ 
agement  sites  in  Idaho  Falls,  Idaho,  and 
Rocky  Flats, Colo., thus  further  extending  the 
situational-awareness  concept. 

“We’re  looking  at  two  to  three  years  for  a 
rollout  to  about  a  dozen  key  DOE  sites, 
which  will  pretty  much  give  us  tactical  situa¬ 
tional  awareness  coast  to  coast,”  Pitton  says. 

Eventually  the  DOE  would  like  to  use  the 
e-Security  platform  to  feed  security  data  into 
a  Web  site  accessible  by  any  other  federal 
agency  that  connects  to  the  DOE  net,  Pitton 
says.  The  idea  is  to  establish  a  level  of  trust 
among  different  networks,  so  that  each  can 
see  the  security  level  of  the  others,  and  alert 
each  other  to  problems  as  they  crop  up. 

But  getting  alerts  is  only  half  the  battle, 
says  Herbert  Mattord,  who  until  early  August 
was  manager  of  information  security  for 
manufacturing  giant  Georgia-Pacific  in  At¬ 
lanta.  Users  also  must  have  processes  in 
place  to  deal  with  the  information  a  security 


Tips  of  the  trade: 


Centralized 

know-how 


•  Don't  expect  the  platform  to  do  all 
the  work;  you  still  will  need  security 
experts  to  write  the  rules  that  really 
make  the  platform  tick. 

•  Size  matters,  says  John  Pescatore, 
a  Gartner  research  director.  The  sweet 
spots  for  security  event  management 
vendors  are  organizations  with  5,000  or 
more  employees,  where  outsourcing 
will  be  an  expensive  option. 

•  Making  sense  of  the  data  a  security 
event  manager  gives  you  and  formulat¬ 
ing  an  appropriate  response  takes  or¬ 
ganizational  intelligence,  says  Herbert 
Mattord,  a  former  security  professional 
and  now  a  computer  science  profes¬ 
sor.  Only  companies  with  an  estab¬ 
lished  security  program  will  realize  the 
full  benefit. 


event  manager  generates. 

“If  you’re  an  established  security  organiza¬ 
tion,  . . .  [security  event  management]  may  be 
the  next  bridge  to  cross,” says  Mattord,  who  is 
now  an  adjunct  professor  of  computer  sci¬ 
ence  at  Kennesaw  State  University,  in  Kenn- 
esaw,  Ga.“If  not,  it  will  be  a  waste  of  mone>f 

Just  before  he  left  Georgia-Pacific,  Mattord 
evaluated  PentaSafe  Security  Technologies’ 
new  VigilEnt  Intrusion  Manager,  which  col¬ 
lects  alert  data  from  other  PentaSafe  prod¬ 
ucts  as  well  as  from  Cisco  and  ISS  IDSes, 
and  firewalls  from  Check  Point  Software 
Technologies  and  Cisco.  Georgia-Pacific 
was  already  using  other  PentaSafe  products, 
which  focus  on  security  policy,  password 
and  security-vulnerability  management. 

FtentaSafe  has  built  in  correlation  rules, 
reasoning  that  most  users  want  them 
prepackaged,  but  also  allows  rule  creation. 
Mattord  found  the  latter  more  appealing. 
The  PentaSafe  rules  are  “common-sense, 
good-faith  tries,”  but  only  internal  people 
know  the  best  rules  to  use,  Mattord  says. 
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THE  MORE  SECURE  YOUR  FRONT  UNI 
THE  MORE  SECURE  YOUR  BOTTOM  UNI 


MAKE  SECURITY  YOUR  STRENGTH 

Enlist  a  network  security  system  that  is  as  much 
about  your  ROI  as  it  is  about  deterring  threats. 
With  WatchGuard"  at  the  heart  of  a  multi-layered 
security  system,  you  get  ASIC-based  performance — 
and  when  your  data  is  protected,  employees  are 
more  productive  and  budgets  are  saved.  So  you  can 
concentrate  on  maximizing  business  potential. 


■»» 


One  of  the  best  ways  to  spark  ideas  for  better 
security  is  yours  for  free.  Call  1-877-732-8780  or  visit 
www.watchguard.com/guide  to  get  a  complimentary 
copy  of  Better  Security:  A  Practical  Guide. 
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“If  you’re  an  established  security  organization, . . .  [security 
event  management]  may  be  the  next  bridge  to  cross.  If  not, 
it  will  be  a  waste  of  money.” 

Herbert  Mattord,  adjunct  professor  of  computer  science, 

Kennesaw  State  University 


The  DOE  also  likes  to  write  its  own  rules, 
although  the  process  is  arduous  with 
e-Security’s  rules  interface,  Pitton  says.  He 
notes  that  he  is  looking  forward  to  trying  out 
a  new  version,  now  shipping,  that  is  sup¬ 
posed  to  address  the  shortcomings  and  pro¬ 
vide  a  number  of  predefined  correlation 
rules  that  users  can  toggle  on  and  off. 

NO  FREE  LUNCH 

To  varying  degrees, security  event  manage 
ment  vendors  are  addressing  many  of  the 
shortcomings  that  analysts  have  been  citing 
for  some  time.These  include  a  lack  of  scala¬ 
bility  and  inordinate  processor  and  storage 
requirements  that  drive  up  installation  costs. 

In  terms  of  scalability  Corio’s  Milatovich 
foresees  no  problem  with  ArcSight  being 
able  to  handle  his  company’s  phalanx  of 
firewalls,  routers,  VPNs,  antivirus  software 
and  IDSes,  all  of  which  constantly  log  secu¬ 
rity  events.  “That’s  a  lot  of  logging,  millions 


and  millions  of  events,”  he  says.  He  points  to 
ArcSight’s  “industrial  base,”  including  its  use 
of  an  Oracle  database.  Similarly,  Mattord  says 
Georgia-Pacific  uses  PentaSafe  products  to 
handle  1 ,200  servers. 

Storage  requirements  vary  depending  on 
whether  the  vendor’s  approach  calls  for 
keeping  all  log  data,  or  just  the  data  it 
deems  relevant.  Customer  requirements 
also  play  a  role;  a  company  that  wants  to 
see  historical  reports  covering  a  90-day 
period  will  need  far  more  storage  than  one 
that  deems  30  days  to  be  sufficient. 

Hardware  costs  are  a  consideration  for 
software-only  security  event  managers. 


While  a  low-end  Network  Intelligence  ap¬ 
pliance  starts  at  around  $18,000,  a  typical 
installation  of  OpenService’s  software 
costs  about  $100,000  for  larger  compa¬ 
nies.  Similarly,  an  entry-level  installation  of 
e-Security’s  software,  capable  of  monitor¬ 
ing  20  devices,  costs  $95,000. 

“There’s  no  free  lunch  in  life,”  Milatovich 
says.“But  the  benefits  far  exceed  any  initial 
setup  costs.” 

Desmond  is  a  writer,  editor  and  president 
of  PDEdit,  an  IT  publishing  company  in 
Framingham,  Mass.  He  can  be  reached  at 
paul@pdedit.  com. 


Centrally  focused 

You  can  find  centralized  security  management  wares  from  a  variety  of  start-ups  and  established  vendors. 


Vendor 

e-Security 

Product 

Open  e-Security  Platform  consists 
of  e-Sentinel  and  e-Wizard 

Of  note 

Widely  recognized  as  the  market  pioneer,  this  product  was  bom  at  the  telecom  firm 
Harris  Corp.  in  1 996. 

IBM  Tivoli 

IBM  Tivoli  Risk  Manager 

In  addition  to  the  Tivoli  family  of  products,  Risk  Manager  supports  security  products 
from  Cisco,  Check  Point  Software,  Internet  Security  Systems  (ISS),  McAfee,  Symantec 
and  others. 

Intellitactics 

Network  Security  Manager,  NSM 
Advanced  Analytics 

NSM  monitors  security  devices  and  looks  for  suspicious  patterns.  The  NSM  Advanced 
Analytics  module  is  intended  to  unearth  "hidden"  threats  that  develop  over  time. 

netForensics 

netForensics  Security  Information 
Management  platform 

Supports  most  vendors’  security  platforms,  applications  or  databases  with  native 
agents  or  its  Universal  Agent.  Partners  include  Cisco,  Check  Point,  EDS  and  VeriSign. 

Network 

Intelligence 

Network  Intelligence  Engine 
appliance  and  envision  software 

Appliance  can  process  1 5,000  events  per  second,  providing  correlation  and  historical 
reporting.  Can  be  configured  as  complementary  to  platforms  such  as  e-Security’s 
e-Security  Platform. 

OpenService 

NerveCenter,  SystemWatch 

The  NerveCenter  suite  provides  security  monitoring  and  network  management 
functions  while  SystemWatch  is  the  main  event  consolidation  and  correlation  engine. 

PentaSafe  Security 
Technologies 

VigilEnt  Intrusion  Manager 

Soon  to  be  acquired  by  NetlQ  in  a  deal  set  to  close  Dec.  31 ,  PentaSafe  supports 
Snort  IDS,  security  tools  from  Cisco,  Check  Point  and  ISS,  as  well  as  the  emerging 
Intrusion  Detection  Message  Exchange  Format  standard. 

QuardedNet 

neuSECURE 

Supports  an  array  of  network-  and  host-based  intrusion -detection  systems  (IDS), 
firewalls,  operating  systems  and  other  products,  typically  without  agent  software  on 
monitored  devices. 

Symantec/ 
Mountain  Wave 

CyberWolf 

Mountain  Wave  was  successful  selling  CyberWolf  in  the  government  market.  The 
product  gets  high  marks  for  its  scalability. 
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YOU'RE  PROTECTED  AGAINST  HACKERS,  VIRUSES  AND  WORMS. 

BUT  WHAT  ABOUT  ROSE  IN  BENEFITS? 


eTrust"  Security  Solutions 

Complete  protection  for  your  entire  enterprise. 

When  it  comes  to  protecting  your  business,  you  need  security  that  can  protect  your 
enterprise  from  potential  threats,  no  matter  where  they  may  come  from.  That's  exactly 
what  eTrust  does.  Our  family  of  products  allows  you  to  not  only  safeguard  your  entire 
enterprise,  but  also  view  and  manage  that  security  either  centrally  or  from  multiple 
delegated  locations.  So  you  can  continue  to  grow  and  maximize  new  opportunities 
while  minimizing  your  risk.  And  that's  security  you  can  feel  secure  about. 
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PASSWORDS 


Identity  management 
begins  with  the 
humble  password 

Before  you  can  embark  on  a  full- 
fledged  identity  management  program, 
you’ll  need  to  automate  password 
management.  Fortunately, 
product  choices  abound. 


■  BY  JULIE  BORT 


What’s  the  secret  password?  Answering 
that  question  costs  many  IT  departments 
upwards  of  $200  per  user  annually  IDC 
says.  That's  because  passwords  are  a  para¬ 
dox:  Good  passwords  are  not  easily 
cracked,  but  also  are  hard  to  remember. Yet 
passwords  remain  the  most  popular  form 
of  authentication  —  used  by  barebones 
security  and  sophisticated  identity-man¬ 
agement  plans  alike.  Add  to  that  the  prolif¬ 
eration  of  them  —  for  network  access, 
e-mail,  Web  and  legacy  applications  —  and 
you  can  see  why  users  report  about  one- 
third  of  help  desk  calls  concern  passwords. 

Nancy  Tripp,  who  manages  Sun  Trust 
Bank’s  Solution  Center  employee  help  desk, 
knows  all  about  that.  About  a  year  ago,  she 
recorded  the  number  of  password-related 
calls  to  the  help  desk  at  between  27%  and 
35%,  depending  on  the  network  environ¬ 
ment. “This  was  the  area  where  we  had  the 
largest  opportunity  to  gain  some  efficien¬ 
cies,”  says  Tripp,  who  is  vice  president  of 
Solution  Services  for  the  Atlanta  bank. 

To  address  the  inefficiencies, Sun  Trust  last 
October  installed  Courion’s  Password-Cour¬ 
ier  password-management  software.  From 
an  intranet,  employees  now  can  reset  their 


passwords  for  Windows  NT,  NetWare  and 
IBM  mainframe  resource-access  control 
facility  systems.  After  a  reset,  the  software 
synchronizes  the  password  so  that  one 
grants  access  to  all. 

By  March,  employees  were  performing 
37%  of  password  resets  via  PasswordCourier 
for  those  systems,  rather  than  calling  the 
help  desk, Tripp  says. 

Encouraged,  Tripp  tested  a  module  in  the 
summer  that  supports  self-service  resets  for 
Microsoft’s  Active  Directory  Sun  Trust  is  in 
the  process  of  an  enterprisewide  rollout  of 
Active  Directory,  which  some  branches  used 
previously.  This  new  module  also  will  sup¬ 
port  a  higher  number  of  concurrent  users. 
Tripp  says  once  it’s  implemented, even  more 
employees  will  perform  their  own  resets. 

Other  Sun  Trust  IT  units  have  taken 
notice.  In  the  summer,  the  bank’s 
Information  Security  Services  department 
began  negotiations  with  Courion  and  other 
vendors  over  a  broader  identity  manage¬ 


ment  project, Tripp  says. 

Sun  Trust  is  not  an  isolated  case.  Although 
password-management  products  began 
storming  the  market  only  about  a  year  ago, 
many  are  already  stable  and  mature,  with 
vendors  offering  a  plethora  of  features  sure 
to  mesh  with  any  company’s  network,  secu¬ 
rity  plan  or  help  desk  system.  With  list  prices 
starting  at  $15  per  user  —  and  strong  com¬ 
petition  making  vendors  eager  to  negotiate 
—  password  management  is  a  nearly  fool¬ 
proof  way  to  reduce  help  desk  expenses, 
network  executives  say. 

“How  many  resets  do  you  do?  How  long 
does  it  take?  What’s  the  value  of  your  serv¬ 
ice  ...  [as  a  percentage  of  a  help  desk  pro¬ 
fessional’s  typical]  $40,000  salary?  You 
know  you’re  spending  X  number  of  dollars 
and  hours  of  a  day  on  password  resets. 
There’s  also  the  intangible  payback  —  what 
is  the  [public  relations]  of  better  service?" 
says  Cary  McGinnis,  director  of  client  serv¬ 
ices  for  Syracuse  University  in  New  York. 
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PASSWORDS 


THREE  FROM  THREE 

Three  functions  make  up  the  basis  of 
password  management: 

•  Self-service  password  reset,  which  lets 
users  reset  forgotten  passwords  by  correctly 
answering  “challenge  questions”  previously 
supplied.  Similarly,  most  products  support 
agent-assisted  password  resets  in  which  the 
agent  accesses  the  challenge  questions  if 
the  user  calls  the  help  desk. 

•  Password  synchronization,  which  allows 
use  of  a  single  password  for  multiple  sys¬ 
tems.  When  one  password  is  reset,  all  are 
updated  automatically. 

•  Password  policy  enforcement,  which  en¬ 
sures  new  passwords  follow  not  only  oper¬ 
ating  system  requirements  (number  of 
characters),  but  network  policies  (such  as 
restrictions  on  reusing  the  same  password). 

These  functions  can  be  found  in  three 
genres  of  enterprise-level  software:  point 
products,  single  sign-on  tools  and  provi¬ 
sioning  frameworks. 

Point  products  offer  the  most  direct 
relief  for  the  least  cost  —  most  start  at  $15 
per  user,  but  can  drop  to  as  low  as  $1  — 
and  are  the  best  choice  for  the  majority. 
Most  compare  feature  by  feature  but  have 
niches.  Courion’s  PasswordCourier  works 
with  Remedy’s  help  desk  software  to  gen¬ 
erate  audit  log  entries  or  trouble  tickets 
upon  resets.  PentaSafe  Security  Tech¬ 
nologies’ VigilEnt  User  Manager  supports 
the  company’s  intrusion-detection  system 
and  other  modules.  M-Tech  Mercury  Infor¬ 
mation  Technology’s  P-Synch  has  many 
prefabricated  application  interfaces;  Sy- 
mark  Software’s  PowerPassword  supports 
Unix  systems. 

Single  sign-on  tools,  such  as  Computer 
Associates’  eTrust  Single  Sign-on  and  Proto- 
com  Development  Systems’  SecureLogin, 
offer  much  the  same  feature  set,  but  don’t 
just  synchronize  passwords,  they  log  the 
user  on  to  multiple  back-end  systems.  List 
prices  are  higher  than  point  products,  at 
about  $80  per  user. 

Single  sign-on  is  particularly  useful  when 
granting  customers  or  partners  access  to 


Tips  of  the  trade 


Deciphering 
password  tools 


•  Ask  if  a  product  uses  its  own  data¬ 
base,  relies  on  an  existing  source  of 
user  information,  such  as  a  directory  or 
database,  or  does  both. 

•  Ask  how  the  product  stores  answers 
to  password-reset  challenge  questions. 
Some  use  an  encrypted  database. 

•  If  the  product  encrypts  answers,  ask 
how.  Some  use  hash  algorithms  that 
dice  and  scramble  challenge-question 
answers  for  high  security,  but  require 
answers  to  match  stored  data  precisely. 
Others  use  key- based  methods  that 
allow  approximate  matching. 

•  Ask  which  client  interfaces  are  sup¬ 
ported  and  how.  All  support  browsers 
for  password  resets.  Some  also  support 
Windows  and  Unix  screens,  interactive 
voice  response  and  e-mail. 

•  Ask  if  and  how  the  product  uses 
agent  technology.  The  software's  place¬ 
ment  in  your  network  and  possibly  its 
security  needs  will  differ  if  using  an  agent 
vs.  other  methods,  such  as  HTTP  or  cus¬ 
tom-coded  interfaces  into  applications. 

•  Ask  about  standards  support.  Most 
support  Lightweight  Directory  Access 
Protocol  as  a  directory,  but  few  offer  any 
form  of  XML  as  an  output  option.  This 
could  become  important  for  sharing  data 
with  other  applications,  particularly  an 
extranet  via  Web  services.  Today,  most 
vendors  share  data  via  APIs. 


multiple  systems. 

“Single  sign-on  is  [a  matter]  of  user  expe¬ 
rience,"  says  Jonathan  Penn,  an  analyst  for 
Giga  Information  Group.  Imagine  a  bank 


asking  a  customer  to  enter  a  password  to 
access  a  checking  account,  again  for  the 
savings  account,  again  for  another  ac¬ 
count,  he  says.“Customers  get  peeved.” 

In  this  vein  are  Web  authorization  tools, 
such  as  Oblix’s  NetPbint.These  bundle  pass¬ 
word  management  and  single  sign-on  for 
Web  applications  —  costing  $  15  per  user  or 
less.  A  company  could  choose  a  point 
product  for  employee  password  manage¬ 
ment,  and  a  Web  authorization  tool  for 
e-commerce  sites. 

PROVISIONING  OVERKILL 

The  third  category,  provisioning  frame¬ 
works,  essentially  combine  a  workflow 
engine  with  password-management  and  ac¬ 
count-authorization  functions.  They  auto¬ 
mate  the  creation  and  deletion  of  entire 
sets  of  accounts  any  given  user  would  re¬ 
quire.  Examples  of  such  products  include 
Business  Layers’  eProvision  and  Waveset 
Technologies’  Lighthouse. 

Provisioning  is  overkill  for  companies 
needing  mostly  password  management.  A 
provisioning  product  characteristically  re¬ 
quires  considerable  custom  application 
integration  and  business  re-engineering,  so 
it  can  cost  about  $1  million  to  implement. 

But  provisioning  might  be  appropriate  for 
big  password-management  chores.  For  ex¬ 
ample,  Syracuse  University  turned  to  Bus¬ 
iness  Layers’  eProvision  software  to  handle 
the  deluge  of  new  student  accounts  — 
roughly  4,000  —  it  must  create  each  semes¬ 
ter.  With  provisioning,  the  IT  department 
quickly  can  create  the  new  accounts,  cus¬ 
tomized  to  each  student’s  course  of  study, 
while  locking  out  thousands  of  exiting  stu¬ 
dents  or  staff  and  temporarily  suspending 
student  accounts  for  reasons  such  as  non¬ 
payment,  McGinnis  says. 

Companies  developing  full-bore  provi¬ 
sioning  schemes  do  not  need  point  prod¬ 
ucts,  but  those  that  start  with  basic  pass¬ 
word-management  products  easily  can 
move  to  provisioning.All  but  the  most  nar¬ 
rowly  focused  point-product  vendors  offer 
add-ons  for  account-provisioning  tasks:  CA 
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Password  management  in  practice 

Many  password-management  products  support  multiple  clients,  operating  systems  and 
applications,  while  integrating  with  help  desk,  auditing  and  other  network  management 
products.  Here’s  how  they  typically  work. 


offers  eTrust  Admin;  Courion,  Account-Cour¬ 
ier;  and  M-Tech,I.D.Synch. 

Rather  than  have  account  management 
for  each  user  under  every  circumstance, 
these  often  perform  a  subset  of  full-on  pro¬ 
visioning.  For  instance,  l.D.  Synch  special¬ 
izes  in  hire/move/fire  account  manage¬ 
ment.  That  limits  the  project  scope  and 
therefore  the  costs. 

Even  if  a  move  to  provisioning  would 
mean  scrapping  an  installed  password- 
management  system,  the  lower  cost  of 
point  products  —  coupled  with  their  fast, 
high  return  on  investment  —  negates  finan¬ 
cial  risk.Gigas  Penn  says. 

“If  you  are  a  midsized  or  large  company, 
you  have  more  and  more  reasons  to  look  at 
'identity  management’  and  what  provision¬ 
ing  offers,”  he  says.  “But,  you  could  imple¬ 
ment  password  management  first  and 
address  your  point  of  pain.”B 


©A  user  requests 
a  new  pass¬ 
word  through  a 
PC,  telephone 
or  other  front 
end. 


©The  password 
server  replies 
with  challenge 
questions, 
answers  to  which 
could  be  stored 
in  encrypted 
databases. 


©  Upon  receiving  matching 
answers,  the  server  lets  the 
user  pick  a  new  password, 
provided  it  meets  system  and 
enterprise  password  policies. 
It  then  synchronizes  the 
passwords  with  other  back-end 
systems,  so  the  same  one 
works  for  all. 


©  Through  APIs  and  in 
rare  cases  XML,  the 
server  can  then  issue 
a  help  desk  ticket, 
update  an  audit  log, 
send  an  alert  or 
perform  other 
specified  tasks  to  let 
IT  staff  know  of  the 
password  reset. 
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Containing  vulnerabilities 

New-style  vulnerability-management 
offerings  point  out  which  security  flare-ups 
most  threaten  your  network,  and  help  you 
stomp  them  out  quickly. 


■  BY  BOB  VIOLINO  Mich.,  provider  of  financial 

Your  vulnerability-assessment  software  is  services,  has  found  the  cou- 
working  great,  churning  out  loads  of  infor-  pling  of  an  outsourced  ser- 
mation  on  your  security  soft  spots.The  prob-  vice  with  vulnerability-man- 
lem  is,  it’s  working  a  little  too  well.You’ve  got  agement  software  an  effec- 
so  much  data  from  network  scans, you  can’t  tive  way  to  manage  increas- 

figure  out  which  security  concerns  are  the  ing  network  threats.  Because 
most  pressing,  let  alone  how  to  address  it  has  extended  its  network 
those  quickly  and  effectively  in  recent  years  with  wireless 

Enter  the  emerging  field  of  vulnerability  automated  teller  machines 
management.  Vulnerability-assessment  and  and  Web-based  home  banking 
other  security  vendors,  such  as  Foundstone,  applications, the  credit  union  has 

Qualys,  Symantec  and  Vigilinx,  offer  new  watched  potential  vulnerabilities  rise, 
products,  feature  upgrades  or  services  that  Worried  that  conventional  vulnerability-  For  example,  a  Digital  Defense  scan 
help  you  figure  out  what  to  do  after  the  scan,  assessment  tools  couldn’t  keep  up  with  new  showed  that  an  intruder  could  get  access 
These  offerings  typically  identify  which  vul-  threats,  and  knowing  that  he  couldn’t  afford  to  internal  passwords.  Needless  to  say,  the 
nerabilities  can  affect  your  network  and  to  devote  a  staff  member  to  full-time  vulner-  credit  union  fixed  that  problem, 

which  need  immediate  attention.  ability  scanning,  Alan  Darbe,  vice  president  The  credit  union  spends  about  $50,000 

The  ability  to  manage  vulnerabilities,  not  of  IS  at  the  credit  union,  says  he  decided  to  per  year  for  the  vulnerability-management 
just  scan  for  them, comes  none  too  soon.The  try  Digital  Defense’s  Frontline  service  and  service,  which  Darbe  says  has  greatly  eased 
number  of  vulnerabilities  is  skyocketing,  ac-  vulnerability-management  tool.  With  Digital  and  speeded  up  the  process  of  tracking  and 
cording  to  CERT.  It  reports  the  number  of  Defense’s  help,  Darbe  quickly  evaluates  re-  fixing  security  soft  spots, 
computer  vulnerabilities  for  the  first  half  of  ported  vulnerabilities  to  determine  the  fi-  The  money  on  vulnerability  management 
this  year  at  2,148  compared  to  2,437  for  all  nancial  and  operational  risk  to  the  firm,  is  well  spent,  he  adds,  because  information 
of  2001.  Then,  using  the  vulnerability-management  security  is  a  priority  for  the  firm,  which 

“Companies  need  to  prioritize  the  applica-  software,  he  and  his  team  immediately  ad-  holds  hundreds  of  millions  of  dollars  of 

tion  of  security  fixes  based  on  the  risk  to  the  dress  high-risk  threats. The  software  also  up-  members’  savings, 

business,”  says  Michael  Rasmussen,  a  re  dates  the  fixes  as  needed. 

search  director  at  Giga  Information  Group.  Previously  the  credit  union  had  “no  formal  MAKING  THE  IMPOSSIBLE,  POSSIBLE 

way  of  assessing  vulnerabilities”  to  stop  at-  If  you're  looking  for  a  stand-alone  vul- 
SERVICES,  SOFTWARE  COMBO  tacks,  Darbe  says.“Now  we’re  taking  a  more  nerability-management  tool,  expect  to 

State  Employees  Credit  Union,  a  Lansing,  proactive  approach.”  spend  in  the  tens-of-thousands  of  dollars 
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range.  Base  prices  range  anywhere  from 
$10,000  to  $50,000,  with  additional  charges 
per  IP  address,  or  device,  to  be  scanned 
(see  chart  at  www.nwfusion.com,  Doc- 
Finder:2721). 

The  reporting  capabilities  are  worth  the 
investment  in  vulnerability-management 
tools,  some  users  say.  At  Lancaster  General 
Hospital  in  Pennsylvania,  IS  Security  Man¬ 
ager  Terry  Grogan  relies  on  PentaSafe  Se¬ 
curity  Technologies’  VigilEnt  Security  Man¬ 
ager  vulnerability-management  tool  to 
guard  against  attacks  to  its  mixed  network 
of  Unix  and  Windows  NT  servers. 


More  online! 

Get  practical  tips  on  patch 
management,  including  best  patch 
practices  and  a  miniguide  to  patch- 
management  tools. 

DocFinder:  2722 

The  software  continuously  audits  net¬ 
works  and  systems  for  vulnerabilities,  rec¬ 
ommends  corrective  action  and  generates 
detailed  reports  nightly  across  computing 
platforms. 

The  hospital  uses  the  product  mostly  for  its 
reporting  capabilities, Grogan  says.“lt  lets  me 
know  user  activity  levels  and  alerts  me  to 
any  significant  security  events,  weak  pass- 
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words,  or  other  concerns.  In  the  past  I  had  to 
read  110  network  logs  a  day  to  see  if  there 
was  any  suspicious  activity  It  was  an  impos¬ 
sible  chore.  I  looked  at  only  our  most  critical 
servers,  because  1  didn’t  have  the  time  to 
look  at  anything  else,” she  explains. 

At  Motorola,  security  managers  had  relied 
on  sporadic  reports  from  division-level 
operations  staff  for  its  vulnerability  assess- 
ments.“In  some  cases, they  did  a  really  good 
job;  in  others  they  were  not  as  diligent.  So 
we  had  wide  disparities  in  our  degree  of  vis¬ 
ibility’ says  Bill  Boni, chief  information  secu¬ 
rity  officer  at  the  Schaumburg,  Ill., company 


Getting  a  fix  on  vulnerabilities 

This  sample  of  tools  and  services  fall  into  the  emerging  vulnerability-management  field.  For  pricing,  go  to  www.nwfusion.com, 
DocFinder:  2721 . 


Vendor 

Product 

Description 

BindView 

bv-Control 

Uses  vulnerability  assessment  to  find  security  holes  and  configuration  management  to  close  security 
holes,  enforce  security  policies  and  configure  systems  to  best  practices.  It  helps  managers  audit  critical 
systems,  report  vulnerabilities,  enforce  policies  and  establish  security  standards. 

Configure- 

soft 

Enterprise 

Configuration 

Manager  4.0  software 

Provides  an  enterprise  view  of  security  settings  for  Windows  NT  or  higher  servers  and  desktops;  lets 
administrators  assess  systems  for  vulnerabilities  and  compliance  with  security  policies;  can  centrally 
change  configurations  on  any  machine  or  group  of  machines  to  correct  problems  vulnerability  scanners 
discovered. 

Digital 

Defense 

DDI  Frontline  2.0 
service  and  software 

Provides  recurring  external  and  internal  vulnerability  scanning  and  penetration  testing;  tool  lets  managers 
track  the  resolution  of  vulnerabilities. 

Foundstone 

FoundScan  software 
and  service 

Software  measures  and  resolves  security  vulnerability  risks  in  traditional  networks,  wireless  access  points 
and  Web  applications;  provides  network  mapping,  integrated  remediation  management,  a  continually 
updated  vulnerability  database,  short-  and  long-term  trend  analysis  and  Web-based  reports. 

nCircle 

Network 

Security 

IP360  Network 
Exposure 

Management  System 

Provides  network  monitoring,  alerts,  reporting  and  vulnerability  responses.  One  feature  automatically 
blocks  traffic  to  network  devices  with  newly  discovered  security  flaws. 

Mazu 

Networks 

Mazu  Enforcer 
software 

Lets  companies  monitor  network  traffic  for  vulnerabilities;  includes  reporting  tools. 

PentaSafe 

Security 

Technologies 

VigilEnt  Security 
Manager  3.1  software 

Continuously  audits  networks  and  systems  for  security  vulnerabilities;  lets  managers  identify  vulnerabilities, 
take  corrective  action,  and  generate  detailed  reports  across  multiple  platforms. 

Predictive 

Systems 

Information  Sharing 
and  Analysis  Centers 
(ISAC)  services 

Based  on  ISACs,  a  shared  database  of  security  threats,  vulnerabilities,  incidents  and  solutions.  "Vulnerability 
matching  module"  lets  managers  know  if  a  particular  vulnerability  matches  a  piece  of  equipment,  operating 
system  or  application  within  their  company,  and  determine  how  critical  the  threat  is. 

Qualys 

QualysGuard 

Identifies  and  eliminates  network  vulnerabilities  through  a  Web-based  architecture;  sends  IT  managers 
fixes  and  patches  based  on  the  severity  of  the  vulnerabilities. 

Symantec 

Enterprise  Security 
Manager  5.5  host- 
based  application 

Host-based  application  provides  security  policy  compliance  management,  including  the  discovery  of 
policy  deviations  and  vulnerabilities.  It  identifies  systems  that  are  vulnerable  to  a  specific  threat,  and 
helps  managers  prioritize  fixes. 

Vigilinx 

IntelliShield  service 

Continually  monitors  a  database  of  threats  and  vulnerabilities,  lets  managers  track  vulnerabilities  on  more 
than  5,500  IT  products. 
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Now  Motorola  uses  Foundstone’s  Found- 
Scan  software  to  centralize  vulnerability 
scanning  on  its  global  network, which  oper¬ 
ates  in  47  countries  and  connects  200,000 
devices,  and  to  assess  the  risk  of  found  vul¬ 
nerabilities,  he  says. 

Using  the  software,  Motorola  scans  its 
internal  network  for  vulnerabilities  every 
month  and  its  network  perimeter  every 
other  week,  Boni  says. The  Foundstone  soft¬ 
ware  identifies  what  threats  are  the  biggest 
risks,  he  adds.  Motorola  used  to  scan  the 
network  only  several  times  each  year;  it  was 
prohibitively  costly  to  scan  more  often  be¬ 
cause  of  the  networks  vast  size, he  notes. 

With  vulnerabilities  identified  and  priori¬ 
tized,  you  will  also  need  firm  procedures 
for  applying  needed  fixes  quickly  (see 
story,  DocFinder:  2722). The  team  approach 
works  for  some.  Cincinnati  Children’s  Hos¬ 
pital  in  Ohio  has  a  10-person  incident 


response  team, with  individuals  specializing 
in  areas  such  as  virus  protection,  Internet 
security  intrusion  detection,  firewalls  and 
various  operating  systems.  Team  members 
are  notified  whenever  a  vulnerability  is 
found,  and  gather  when  an  exploited  vul¬ 
nerability  would  have  high  impact  on  the 
company 

“Our  policy  is  if  there’s  any  kind  of  vulner¬ 
ability  —  whether  it  comes  in  from  the  help 
desk  or  anywhere  else  —  it  goes  to  the 
[security]  team,”  says  Mike  Belmont,  associ¬ 
ate  director  of  IS  security  at  the  hospital. 

No  doubt,  as  the  number  of  security 
threats  rises,  vulnerability  management  will 
become  a  standard  part  of  corporate  secur¬ 
ity  strategy. 

Violino  is  a  freelance  writer  covering  busi¬ 
ness  and  technology.  He  can  be  reached  at 
bviolino@optonline.  net. 


What  to  do  when 
vulnerabilities  flare  up 

•  Keep  an  up- 
to-date  inven¬ 
tory  of  hard¬ 
ware,  operating 
systems  and 
applications,  so 
you  can  identify 
which  specific 
vulnerabilities 
could  affect  your 
company. 

•  Prioritize  vul¬ 
nerabilities  based  on  the  potential  risk  to 
the  business,  and  address  those  with 
the  highest  level  of  risk  first. 

•  Develop  procedures  for  quickly 
applying  fixes  to  particular  vulnerabilities. 

•  Keep  track  of  who  is  responsible  for 
specific  vulnerabilities  and  whether  the 
correct  fixes  were  successfully  applied. 


How  do  you  approach 
wireless  LAN  security? 

Quit  monkeying  around — start  using  802. lx  strong  authentication  software 
to  validate  user  identities  and  block  intruder  access  to  your  network. 

802.  lx  security  is  a  standards-based  technology  that  provides  a  full  line  of 
defense  by  securely  encrypting  traffic  between  clients  and  access  points. 

Visit  www.interlinknetworks.com  to  learn  more,  and  download 
free  WLAN  security  white  papers  from  our  Resource  Library 
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Experts  in  Securing  Network  Access 


734-821-1228 


www.interlinknetworks.com 
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Wirelesi 

secret  spy  cam 

boudoit  security  has  novae  tx 

*OCI  SO  cool.  f 

^^ave  yourself  from  hordes  of  bandwidth  hungry  ads! 

Stop  intrusive  pop-ups,  banner  ads  and  other  annoying 
advertising  from  wasting  your  time  and  your  company  s  network 
resources.  NetSpective  WebFilter“  is  a  stand-alone,  plug  and  play, 
rack-mount  URL  filtering  appliance  that  helps  you  reduce  network  waste 
without  impacting  network  performance.  NetSpective  WebFilter  s  SideScan 
Filtering"  technology  scales  effectively  to  support  a  variety  of  environments  from 
small  to  large  networks. 

Telemate. Net  Software  solutions  are  available  worldwide  through  authorized 
partners.  Email  us  at  webfilter@getnetspective.com  for  more  information. 


By  Telemate.Net  Software,  a  Verso  Technologies  Company 


www.getnetspective.com 


Network  World’s 


The  Hub  of  the  Hetwork  Buy 


Marketplace 
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Reclaim  Control  of  Your  Network 
in  Less  Than  an  Hour 


AVStripper 

A  transparent  bridge  that  removes  viruses  at 


the  network  gateway  ^ 


AVStripper 


“ AVStripper  has  been  like  a  dream  to  me... you  just  give  it  an  IP  address,  add  in  your 
password,  and  you’re  off.  Just  plug  it  in.  It’s  easy  to  customize  and  configure  too.  ” 

John  Dyki,  President  of  Elk  River  Computers 


“ AVStripper  is  a  simple,  quick  and  highly  efficient  way  to  protect  your  network  from 
viruses.  You  can  go  from  the  doghouse  to  the  hero  in  less  than  an  hour.  ” 

Dale  Johnson,  President  of  Johnson  Consulting 


‘We  have  never  had  a  product  that  is  so  easy  to  install  nor  is  as  effective  as  AVStripper!” 

Robert  Deitz,  II,  President/CEO  of  Government  Technology  Solutions,  Inc.  (gTech) 


Cost  of  Implementation 


AVStripper  transparent  bridge  Proxy-based  gateway  solution 

|$1 20  |  $3,000 


Total  implementation  time  2  hours  |Total  implementation  time  50  hours 


Figures  based  on  cost  of  single  technician  $60/hour.  Assumes  time  to  configure  one  computer  is  15  minutes,  and  there  are  200 
individual  computers  on  the  network. 


TREND 

MICRO 


Proven  Technology 

♦  Partnership  between  Ositis  and  Trend  Micro  provides  state 
of  the  art  technology 

♦  OSAP  (Ositis  Security  Appliance  Platform)  provides  a  stable  platform  for  delivery  of  security  solutions 

♦  Scans  all  major  protocols  (HTTP,  FTP,  Socks,  SMTP,  POP3,  IMAP4,  and  NNTP) 

Reduce  Costs 

♦  Easy  installation,  no  changes  needed  to  the  current  network  infrastructure 

♦  Stops  viruses  at  the  gateway  before  they  enter  the  network 

♦  Prevents  internal  users  from  sending  infected  files 


High  Availability 


♦  Load  balancing/redundant  units 

♦  Automatic  updates  of  virus  definitions  every  hour 

♦  Multiple  layers  of  software  and  hardware  monitoring  ensure  stability  and  reliability 

Transparent  site  filtering  appliance  also  available.  See  SiteStripper™  on  our  website  -  www.Ositis.com 


O  S  I  T  I  S  888-946-  7769  ♦  ww.ositis.com/avstrippq 

Powering  Internet  Management:  Ositis.  AVStripper,  and  Powering  Internet  Management  are  registered  trademarks  or  trademarks  of  Ositis  Software,  Inc.  Trend  Micro  is  a  trademark  ol  Trend  Micro  Corpora* 


www.nwfusion.com 
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Slow  growth:  Just  one  Oracle  challenge 


r  1 

Oracle  looks  for  growth  medicine 

Increased  competition,  slowed  corporate  spending  and  product 
issues  are  dogging  Oracle  as  it  cuts  costs  and  tries  to  bring  new, 

revenue-boosting  products  to  market. 

[[■Challenges 

Strategies  /y  G 

•  Weak  IT  spending. 

•  Continue  cost-cutting;  sustain  R&D  spending. 

•  Closing  price  gaps  with  IBM, 

•  Spark  upgrades  to  newest  releases. 

Microsoft. 

•  Heavy  investment  in  software  fixes, 

•  CRM  applications  plagued  by  bugs. 

redesign  and  customer  support. 

•  Competitive  pressures, 

•  Sustain  marketing  efforts  for  Collabora¬ 

especially  from  IBM. 

k. 

tion  Suite,  Application  Server,  CRM  suite. 

_ u 

■  BY  JOHN  COX 

In  Oracle’s  most  recent  quarterly  results, 
network  executives  can  see  a  vendor  strug¬ 
gling  to  do  pretty  much  what  they  are: 
squeeze  out  costs  and  juggle  several  pro¬ 
jects  to  boost  revenue  in  the  face  of  a  steep 
slowdown  in  enterprise  software  spending. 

So  far,  Oracle  is  having  some  success,  sus¬ 
taining  what  one  analyst  called  “anemic 
growth” and  meeting  the  modest  targets  for 
revenue  and  profit  increases  set  by  Wall 
Street  analysts. 

Much  of  that  limited  success  is  caused  by 
continued  support  from  the  installed  base 
of  customers  and  the  willingness  of  cus¬ 
tomers  to  upgrade  to  the  latest  Oracle  9i 
database  release.  In  both  cases,  network 
executives  seem  willing  to  spend  for 
license  updates  and  support  services. 
Oracle  CEO  Larry  Ellison  last  month  said 
that  about  25%  of  customers  have  made 
the  switch  to  the  latest  database  release. 

“There  is  only  so  much  you  can  do  to 
fight  [the  sharp  reduction  in  IT  spending]” 
says  Rich  Petersen,  research  analyst  with 
WR  Hambrecht  &  Co.“Oracle’s  done  well  in 
all  of  those  things.” 

So  far,  though,  things  aren’t  looking  good 
for  this  year.  For  the  company’s  first  quarter 
2003,  ended  Aug.  31,  revenue  came  in  at 
$2.03  billion,  down  from  $2.27  billion  a 


■  Entrust  last  week  announced  plans 
to  roll  out  security  software,  Secure 
Transaction  Platform,  to  protect 
XML-based  Web  services  used  in 
Microsoft's  .Net,  IBM's  WebSphere 
and  BEA  Systems'  WebLogic  servers. 
Entrust  next  month  intends  to  make 
available  software  components  called 
the  Verification  Service  for  applying 
digital  signatures  and  time  stamps  to 
XML.  By  early  next  year,  Entrust  will 
provide  software  add-ons  for  the 
servers  to  apply  password -based 
authentication,  along  with  a  number 
of  other  verification,  privacy  and  enti¬ 
tlement  mechanisms  associated  with 
securing  Simple  Object  Access 
Protocol-based  requests  on  the  Web. 
www.entrust.com 


year  earlier.  And  new  software  licenses  are 
down  about  23%. 

Oracle  CFO  Jeff  Henley  in  a  conference 
call  with  analysts  last  month,  said  he  still 
expects  growth  to  improve  in  the  latter  half 
of  fiscal  2003,  which  is  the  first  half  of  cal¬ 
endar  2003.  Analysts  say  those  targets 
appear  to  be  realistic  provided  that  the 
economy  and  IT  spending  at  least  remain 
stable.  Henley  described  the  current  econ¬ 
omy  as  the  “worst  technology  environment 
we’ve  seen  since  1974, 1975.” 

There  are  other  clouds  on  the  horizon 
though. For  one  thing, Oracle  faces  growing 
database  competition  from  IBM  in  the  high 
end  of  the  enterprise  market  and  Microsoft 
in  the  low  end.  The  company’s  market 
share  is  uncertain.  Earlier  this  year,  Gartner 
said  IBM  had  taken  the  top  spot  in  the 
enterprise  market,  partly  because  of  its 
acquisition  of  the  Informix  database  busi¬ 
ness.  But  IDC  still  gives  Oracle  a  slight  edge. 
Microsoft’s  SQL  Server  trails  both  but  is 
showing  strong  growth  in  small  to  midsize 


■  BY  JOHN  FONTANA 

REDWOOD  CITY  CALIF  —  Tumbleweed 
says  later  this  month  it  will  ship  technology 
that  makes  it  easier  for  corporations  to 
send  secure  and  encrypted  e-mail  from 
their  existing  messaging  systems  and  mes¬ 
saging-enabled  applications. 

With  Secure  Guardian  5.5,  a  gateway 
product  that  installs  on  a  corporate  net¬ 
work,  the  company  is  introducing  the  abil¬ 
ity  to  send  an  encrypted  e-mail  across  the 
Internet  without  requiring  software  to  be 
installed  on  the  recipient’s  desktop. 

The  feature,  called  Secure  Envelope,  is 
desired  by  organizations,  such  as  those  in 
financial  services  and  healthcare,  that 
would  like  to  use  e-mail  for  customer  ser¬ 
vice  but  face  federal  confidentiality  regula¬ 
tions  in  using  electronic  communications. 

Secure  Envelope  is  a  one-way  channel 
unless  both  parties  have  Secure 
Guardian.  A  recipient  without  the  soft¬ 
ware  would  have  to  use  an  alternative 
means  to  securely  respond,  such  as 
through  a  Web-based  portal. 

“We  see  a  lot  of  companies  asking  about 
CRM  and  customer  service,”  says  Jonathan 
Penn,  an  analyst  with  Giga  Information 
Group.“Some  industries  want  to  communi- 


companies,  according  to  analysts. 

That  competitive  closeness  is  revealing, 
especially  when  only  a  couple  of  years 
ago,  no  one  questioned  that  Oracle  was 
the  market  leader.  Part  of  the  reason  for 
the  rivals’  advances  is  that  they  charge 


cate  with  customers  using  e-mail  but  they 
have  been  hampered  by  regulations.” 

Penn  says  the  Tumbleweed  software  fits 
well  with  companies  that  are  concerned 
about  the  privacy  of  the  e-mail  they  send 
and  that  don’t  need  the  nonrepudiation 
and  other  high-level  features  of  a  secure 
messaging  infrastructure  based  on  public- 
key  infrastructure  (PK1). 

Security  has  become  a  top  priority  in 
corporations,  but  secure  e-mail  has  not 
taken  off  mainly  because  the  complexities 
and  costs  of  setting  up  a  PKI  to  support 
Secure  Multi-purpose  Internet  Mail 
Extensions  (S/MIME).  Organizations  that 
want  cost-effective  secure  e-mail,  however, 
have  turned  to  products  that  don’t  require 
PKI, such  as  those  from  Tumbleweed,  PbstX, 
Sagaba  and  Authentica. 

Tumbleweed  is  stepping  up  Secure 
Guardian  to  fend  off  the  competition. 

Secure  Envelope  uses  128-bit  encryption. 
It  creates  an  encrypted  HTML  attachment 
to  an  e-mail  message,  and  when  recipients 
open  the  message,  they  click  on  the  attach¬ 
ment  and  are  asked  to  enter  a  prearranged 
password. The  password  opens  the  attach¬ 
ment  into  a  Web  browser. 

Tumbleweed  also  is  introducing  its 
Dynamic  Digital  Certificate  Lookup,  which 


lower  prices.  Oracle  is  still  widely  seen  as 
a  premium-priced  database,  though 
Ellison  repeatedly  says  that  Oracle  has 
adopted  Microsoft’s  model  of  low  prices 
to  achieve  high  volume. 

See  Oracle,  page  28 


caters  to  users  of  S/MIME.  The  software 
eliminates  the  need  for  a  sender  of  a  mes¬ 
sage  to  manually  locate  a  recipient’s  public 
key  The  key  which  is  contained  within  a 
digital  certificate,  is  used  to  encrypt  a  mes¬ 
sage,  which  recipients  decrypt  using  their 
private  key. 

The  software  can  perform  a  dynamic 
query  into  any  directory  based  on  Light¬ 
weight  Directory  Access  Protocol  to  find 
available  public  keys.  The  Tumbleweed 
gateway  also  can  check  to  see  if  the  key 
has  been  revoked. 

Secure  Guardian  5.5’s  response  feature, 
Secure  Response,  converts  Web-based 
e-mail  into  messages  based  on  Simple  Mail 
Transfer  Protocol  (SMTP). 

“The  message  here  is  that  all  your  inter¬ 
nal  systems  can  talk  SMTP  so  that  is  the 
way  to  deliver  messages,”  says  Ken  Beer, 
product  line  manager  for  Tumbleweed. 
“Doing  it  this  way  means  you  don’t  have  to 
create  programmatic  interfaces.” 

Tumbleweed’s  Secure  Guardian  5.5  runs 
on  Windows  2000  and  Sun  Solaris.  It  sup¬ 
ports  Oracle  and  Microsoft  SQL  Server 
databases.  The  software  is  priced  per  CPU 
with  the  average  large  corporation  installa¬ 
tion  starting  at  $300,000. 

Tumbleweed:  www.tumbleweed.com 


Secure  e-mail  on  tap  from  Tumbleweed 


When  .NET  connected  software  helps  you  quickly  connect  islands  of  data  into  one  clear  picture  for  your  employees,  that’s 
one  degree  of  separation.  All  too  often,  data  critical  to  internal  decision-making  is  scattered  throughout  your  enterprise,  and  you  need  to 
collect  and  present  it  in  a  way  that  makes  sense— quickly.  Microsoft"  SQL  Server™  2000  Enterprise  Edition  with  Analysis  Services  unifies  and 
analyzes  data  from  various  systems  using  Data  Mining  and  Data  Transformation  Services.  Analytics  built  into  Data  Analyzer  make  information 
available  immediately  to  the  employees  who  require  it,  in  a  way  that  makes  decision-making  easier  and  more  effective.  And  that’s  important, 
because  when  vital  decisions  are  put  off,  so  are  profits.  That’s  one  degree  of  separation.  That’s  business  intelligence  with  .NET.  Find  out  how 
.NET  connected  software  can  help  you  see  the  big  picture.  Go  to  microsoft.com/enterprise  Software  for  the  Agile  Business. 


C  2002  Microsoft  Cor  pot  •lion  Ail  rights  reset  ved  Microsoft  end  Windows  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  Slates  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


CompUSA  used  Microsoft  SQL  Server  2000  with  Analysis  Services  and  Data  Transformation  Services 
to  extract  point-of-sale  data  from  228  stores,  150  applications,  and  numerous  databases,  and  then 
integrate  the  information  into  one  data  warehouse.  Now,  not  only  are  employees  able  to  get  a  clearer 

- N  picture  of  the  business  at  large,  but  the  quick  delivery  of  data  means  they 

can  adjust  to  meet  opportunities  as  they  knock. 


Full  Desktop  Client 


NetworkWorld 
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All  the  news  fit  to  find 


Google  recently  strengthened  its 
untouched-by-human-hands  news 
service,  news.google.com,  and  it’s 
quite  good.  Maybe  too  good. 

Google  has  applied  its  Web  crawling, 
searching  and  organizing  technology  to 
the  problem  of  figuring  out  what  is  news.  If 
you  have  watched  the  1 1  p.m.  news  recent¬ 
ly  you  know  that  figuring  this  out  is  a  task 
that  exceeds  the  ability  of  all  too  many 
people  with  the  title  of  news  director.  The 
random  mixture  of  hype  and  trivia  that  gets 
presented  as  news  is  mostly  useful  as  a 
lead-in  to  Leno  and  Letterman  rather  than 
a  way  to  find  out  what  is  happening  in  the 


world.  Well,  maybe  you  can  find  out  if  the 
local  sports  teams  won  and  what  the 
national  weather  service  computer  guess¬ 
es  the  local  weather  will  be  tomorrow. 

And  the  1 1  p.m.  news  comes  off  as  sedate 
and  erudite  compared  with  the  morning 
“news”  shows,  particularly  the  revamped 
(pun  intended)  CNN  Headline  News  early 
morning  show. 

The  newspapers  and  their  online  sites  are 
much  better,  but  their  editors  have  their 
own  ideas  of  what  readers  would  be  inter¬ 
ested  in  or  what  types  of  stories  fit  the 
image  they  want  to  project.  The  TV  news 
Web  sites  also  are  generally  OK.  But  all  of 
these  sites  take  a  lot  of  work  and  are  con¬ 
strained  by  the  vision,  or  lack  of  it,  of  the 
news  directors. 

Googles  site  works  by  scanning  (it  says) 
4,000  news  sites  from  around  the  world 
and  applying  the  same  ranking  algorithms 
as  it  uses  for  its  regular  searches.  Those 
algorithms  seem  to  me  to  still  produce 


remarkable  results,  with  the  site  I’m  looking 
for  showing  up  on  the  first  screen  almost 
all  the  time. 

What  the  use  of  these  algorithms  means 
on  the  news  pages  is  that  the  set  of  stories 
presented  is  not  constrained  by  a  news 
director  trying  to  fit  the  company  image. 
You  might  predict  that  this  would  result  in 
a  far  more  eclectic  set  of  stories  —  and  it 
does  sometimes  —  but  not  nearly  as 
strange  as  1  expected. 

The  top  stories  are  not  all  that  different 
from  the  ones  on  cnn.com,  but  the  breadth 
is  much  greater.  Today  there  was  a  lot  of 
coverage  of  the  Japanese  Formula  One 
race  on  the  front  page,  where  it  was  almost 
invisible  on  the  other  U.S.  news  sites  I 
looked  at  (as  an  FI  fan,  I  thought  extra  cov¬ 
erage  was  good). 

Because,  it  is  said,  no  human  looks  at  the 
results  before  they  are  posted,  quirks  can 
happen,  such  as  stories  on  the  Dalai  Lama 
and  a  Hungarian  decision  to  make  the 


www.nwfusion.com 


Nobel  Prize  award  tax-exempt  showing  up 
in  the  entertainment  section.  But,  if  you 
don’t  like  the  set  of  articles,  check  again  in 
a  few  minutes;  it  will  change.  Because 
Google  sells  its  software  to  corporations, 
the  same  sort  of  service  could  be  quite  use¬ 
ful.  But  will  company  executives  be  willing 
to  not  “help”  set  the  view? 

What  could  be  wrong  with  such  a  ser¬ 
vice?  Quite  a  bit,  if  you  are  a  news  director 
who  wants  to  keep  your  job  or  someone 
else  who  thinks  that  news  needs  to  be  con¬ 
trolled. The  latter  is  far  too  common. 

Disclaimer:  Controlled  news,  like  con¬ 
trolled  knowledge,  is  by  definition  incom¬ 
plete,  and  not  a  good  thing  in  a  place  like 
Harvard.  But  the  above  ramble  is  mine 
alone. 

Bradner  is  a  consultant  with  Howard 
University’s  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@sob 
co.com. 


Portal  vendors  ease  remote  access  security 


■  BY  JENNIFER  MEARS 

Businesses  looking  to  hook  remote  work¬ 
ers,  customers  and  partners  into  their  cor¬ 
porate  portals  could  find  securing  such 
access  easier  with  new  features  from  Sun 
and  CoreChange. 

In  the  past,  companies  offering  remote 
access  to  the  content  and  applications 
within  their  portals  had  to  set  up  third-party 
security  functions  such  as  a  proxy  server  or 
a  VPN.  Portal  vendors  such  as  CoreChange 
and  Sun  say  that  approach  causes  too 
many  headaches  for  users  because  they 
are  forced  to  integrate  the  stand-alone  sec¬ 
urity  pieces  into  their  portal  architecture. 

As  a  result,  CoreChange  and  Sun  have 
introduced  secure  remote  access  capabil¬ 
ities  that  are  designed  to  integrate  with 
their  respective  portals,  using  access  fea¬ 
tures  such  as  identity  management  and 
single  sign-on  already  available  through 
the  portal. 

“Typically,  proxy  servers  are  deployed 
stand-alone  and  managed  separate^’ says 
Jeff  Spotts,  executive  vice  president  of  mar¬ 
keting  at  CoreChange.  “In  our  model,  the 
two  components  work  together  dy¬ 
namically  You  manage  users  and  user  enti¬ 
tlements  in  one  place  vs.  the  typical  alter¬ 
native  of  having  to  integrate  one  vendor’s 
portal  software  with  another  vendor’s 
security  infrastructure.” 

CoreChange  this  month  announced  its 
new  CoreSecure  software  for  its  Coreport 
portal. The  software  runs  on  Windows  2000 
and  sits  on  a  server  in  the  network’s  unpro¬ 
tected  area,  or  demilitarized  zone  (DMZ). 
When  a  remote  user  accesses  the  portal, 
the  request  is  sent  to  CoreSecure,  which 
establishes  encrypted  communication 
with  the  portal  server  running  behind  the 
corporate  firewall. The  portal  server,  which 
contains  information  about  user  access 


rights,  determines  what  content  a  particu¬ 
lar  user  can  access. 

Sun’s  Secure  Remote  Access  6  is  similar. 
It  is  the  latest  version  of  Sun’s  VPN-on- 
demand  technology,  which  takes  ad¬ 
vantage  of  security  features  within  the 
Sun  One  Portal.  The  software  runs  on  a 
server,  called  a  Gateway,  that  sits  in  the 
DMZ.  The  Gateway  creates  a  secure  tun¬ 
nel  to  the  Sun  One  Portal  Server,  which 
uses  the  Sun  One  Identity  Server  to  man¬ 
age  user  authentication,  single  sign-on 
and  other  access  policies. 

Once  the  Sun  One  Portal  Server  autho¬ 
rizes  the  requesting  user,  it  proxies  that 
information  to  the  gateway,  which  estab¬ 
lishes  a  secure  connection  with  the  user. 

Advocate  Health  Care  in  Oak  Brook,  Ill., 
has  used  secure  remote  access  to  its  Sun 
One  Portal  since  April.  Gary  Horn,  manager 
of  network  services,  estimates  the  organiza¬ 
tion  has  saved  “upwards  of  a  half-million 


Going  mobile 

IDC  says  the  number  of  mobile 
workers  in  the  U.S.  will  increase 
from  92  million  in  2001  to 

105  million 

in  2006. 


dollars  in  development  and  installation 
costs” by  using  the  Secure  Remote  product, 
rather  than  configuring  a  stand-alone  secu¬ 
rity  device. 

“We  looked  at  other  methodologies  [to 
secure  remote  access  to  the  portal] ,”  he 
says.  “We  wouldn’t  have  had  a  very  inte¬ 
grated  system  so  there  would  have  been  a 
lot  more  development  involved,  more 
platforms  required  and  more  manage¬ 


ment  issues.” 

Horn  says  there  are  about  1,800  physi¬ 
cians  and  employees  accessing  the  portal 
remotely  a  number  expected  to  increase  to 
about  10,000  next  year.  Physicians  can 
access  a  range  of  content  and  applications 
from  the  portal,  including  patient  informa¬ 
tion,  a  big  reason  why  security  is  so  impor¬ 
tant,  Horn  says. 

Analysts  say  Sun  and  CoreChange  are 
smart  to  offer  proxy  servers  that  can  inte¬ 
grate  with  established  portal  security  fea¬ 
tures,  eliminating  the  need  to  define  access 
rights  in  a  standalone  proxy  or  install  client 
software  on  remote  devices  to  support  a 
VPN. 

Coreport  CoreSecure  is  available  immedi¬ 
ately  and  pricing  starts  at  about  $50  per 
user.  The  Sun  One  Portal  Server,  Secure 
Remote  Access  6  product,  is  slated  to  be 
available  in  60  days.  It  requires  a  twcAJPU 
license  and  is  priced  at  $95,000.  ■ 


Oracle 

continued  from  page  25 

“IBM  is  putting  pricing  pressure  on  the  top  end  of  the  market,” 
Hambrecht’s  Petersen  says."  [So]  IBM  doesn’t  need  to  take  a  lot  of 
market  share  to  really  hurt  Oracle.” 

Several  new  businesses  that  Oracle  recently  launched  have 
failed  to  be  big  hits,  at  least  so  far.  One  example  is  the  company’s 
CRM  applications,  introduced  with  much  fanfare,  as  was  the  over¬ 
all  lli  version  of  the  Oracle  E-business  Suite,  about  two  years  ago. 
Both  were  plagued  by  bugs  and  missing  features,  and  a  chorus  of 
user  complaints.  Officers  of  the  International  Oracle  Users  Group 
were  quoted  as  saying  the  applications  were  “not  ready  for  prime 
time.” 

“They  put  a  lot  of  manpower  into  fixing  those  problems,"  Petersen 
says.“They've  recovered  pretty  well.” 

In  addition,  Oracle’s  application  server  faces  tough  competition 
in  a  market  where  the  software  might  be  on  the  way  to  becoming 
a  commodity.  An  August  report  by  AMR  Research  found  that  cor¬ 
porate  respondents  considered  SAP  Oracle  and  PeopleSoft  the 


leading  application  vendors. 

The  Oracle  Collaboration  Suite,  which  Oracle  hopes  to  use  to 
gain  a  share  of  a  software  market  IDC  estimates  to  be  worth  about 
$1.6  billion  in  2001,  became  available  this  month.  Rene  Bonvanie, 
vice  president  of  Oracle  9i  marketing,  insists  that  Oracle  sees  col¬ 
laboration  and  groupware  as  a  market  where  the  company  can 
take  market  share  from  IBM  and  Microsoft,  which  dominate  with 
Lotus  Domino  and  Exchange,  respectively  “This  is  a  major  growth 
area  for  us,” he  says.“The  Collaboration  Suite  is  now  our  fourth  busi¬ 
ness  after  database,  applications  and  application  server? 

CFO  Henley  said  the  company’s  cash  flow  remains  strong,  and  its 
profitability  is  high.  “We  continue  to  believe  that  we  should  see 
gradual  improvement  in  our  year-over-year  growth  comparisons  in 
these  coming  quarters,”  he  told  analysts.“Though  my  current  view 
is  that  the  rate  of  recovery  could  be  a  bit  slower  than  I  had  said  a 
quarter  ago.” 

Fbtersen  says  Oracle  has  squeezed  out  most  of  what  expenses  it 
can  and  will  have  to  rely  on  new  revenue  from  customers  and, 
eventually  an  economic  recovery. 

Oracle:  www.oracle.com 
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Imagine  it: 

Scaling  up  to  a  server  for  mission-critical 
applications  that’s  stable,  easy  to  manage  and 
delivers  enterprise-class  performance.  All  in  a 
server  that  maximizes  the  benefits  of  your 
enterprise  operations. 


)one: 

Unisys  has  made  it  all  real  with  our  ES7000  server. 
It  harnesses  32  Intel®  Xeon™  Processors  for 
scalability  and  grown-up  enterprise-class 
performance.  Unisys  has  created  a  server  with 
advanced  systems  management  for  less 
babysitting  and  rock-solid  reliability  running 
Microsoft®  Windows®  2000  Datacenter  Server 
software.  It  all  adds  up  to  reduced  total  cost  of 
ownership  and  a  mature  server  environment  to 
simplify  your  operations. 
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REGULATORY  AFFAIRS 

Dueling  lawsuits  concern  GDN  users 

Patent  battles  between  Akamai,  Digital  Island  and  Speedera  seen  as  a  drag  on  fledgling  industry. 


■  BY  JENNIFER  MEARS 

Once  the  high-flying  darlings  of  the  Inte¬ 
rnet  boom,  content  delivery  networks 
have  sunk  into  a  morass  of  complicated 
legal  tanglings  that  has  cast  a  shadow 
over  the  market  and  created  anxiety 
among  customers. 

CDN  market  leader  Akamai  fired  the  ini- 


■  The  Service  &  Support  Profes¬ 
sionals  Association  has  teamed  with 
collaborative  CRM  software  maker 
ePeople  to  create  an  online  collabo¬ 
ration  vehicle  for  IT  professionals 
looking  for  better  ways  to  manage 
their  support  centers  and  customer 
relations  projects.  The  SSPA  Connect 
service,  which  went  live  this  month,  is 
hosted  at  an  ePeople  data  center  and 
is  available  free  to  SSPA  members 
through  a  secure  logon.  While  SSPA 
has  provided  its  members  information 
and  support  since  it  was  founded  in 
1989,  this  is  the  first  time  it  has 
offered  a  real-time  collaboration  tool. 
With  SSPA  Connect,  all  of  the  more 
than  18,000  SSPA  members  are  linked, 
providing  users  with  a  resource  for 
solving  CRM  and  support  problems, 
says  Bill  Rose,  founder  and  CEO  of 
the  SSPA. 

■  Web  hosting  firm  Affinity  Inter¬ 
net,  which  competes  with  Interland 
and  Verio  in  catering  to  small  and  mid¬ 
size  businesses,  has  deepened  its  ser¬ 
vice  portfolio  with  the  acquisition  of 
Bigstep  in  an  all-stock  transaction. 
Bigstep  is  a  hosting  company  that 
provides  Web  templates  and  other 
online  tools  to  help  companies  set  up 
e-commerce  operations.  It  has  busi¬ 
ness  partnerships  with  AOL's  Small 
Business  channel  and  Netscape's 
NetBusiness.The  acquisition  gives 
Affinity  access  to  Bigstep's  core 
development  team  to  expand  the 
range  of  services  available  to  Affinity 
customers,  Affinity  executives  say. 


tial  volley  in  September  2000  of  what  has 
become  an  increasingly  heated  battle  with 
competitors  Digital  Island  and  Speedera. 
Now,  in  addition  to  accusing  Speedera  of 
patent  infringement,  Akamai  says  the  com¬ 
pany  illegally  hacked  into  its  database  of 
customer  performance  figures  and  is 
engaged  in  a  he-said-she-said  battle  with 
Digital  Island  as  each  company  tries  to 
turn  off  the  others  service. 

Customers  find  the  wrangling  unsettling. 

“Most  of  our  time  should  be  focused  on 
running  our  businesses  and  these  [legal 
issues]  are  distractions  to  that,”  says  one 
Akamai  customer  who  asked  not  to  be 
named.  “As  if  worrying  about  whether  a 
business  is  going  to  stay  in  business  wasn’t 
enough,  now  we’ve  got  this.” 

It’s  a  convoluted  situation  that  appears  no 
closer  to  a  resolution  than  when  the  first 
lawsuit  was  filed.  While  most  customers  do 
not  appear  concerned  their  service  might 
be  shut  down  soon,  they  say  they  are 
watching  the  legal  maneuvering  closely 
and  consider  the  situation  an  annoyance. 

“I’m  sure  it’s  distracting  them  and  that’s 
frustrating,”  says  a  Speedera  customer  who 
asked  not  to  be  identified.“lt  would  be  nice 
if  they  could  just  concentrate  on  business. 
But  in  the  end,  we’ll  stay  with  a  CDN  if  it 
makes  sense  from  a  cost  [and  perfor¬ 
mance]  perspective.” 

Patent  infringement  lawsuits  are  hardly 


unusual  in  the  tech  sector,  where  intellec¬ 
tual  property  is  a  key  asset.  Last  month,  for 
example,  Hewlett-Packard  sued  EMC  for 
patent  infringement  just  months  after  EMC 
traded  infringement  claims  with  Hitachi 
Data  Systems. 

The  issue  within  the  CDN  market,  though, 
is  the  protracted  and  increasingly  nasty 
nature  of  the  proceedings,  analysts  say 

“In  many  cases,  these  suits  end  up  being 
much  ado  about  nothing.  When  all  is  said 
and  done  there  is  either  some  sort  of  set¬ 
tlement  or  some  modification  of  behavior 
and  you  move  on,”  says  Rob  Batchelder,  a 
research  director  at  Gartner.  “But  when  PR 
agencies  are  saying, Tm  going  to  shut  these 
guys  down’  and  then  the  countersuit  flies 
and  says,  Tm  going  to  shut  those  guys 
down’  and  they’re  asking  for  injunctions, 
that’s  when  the  lawyers  have  taken  over 
and  started  running  the  company’ 

What’s  more,  the  complex  nature  of  the 
CDN  patent  disputes  make  it  difficult  for 
customers  to  understand  what  the  legal 
fighting  is  about  and  which  companies 
might  be  vulnerable. 

The  saga  started  when  Akamai  sued 
Digital  Island,  claiming  infringement  of  its 
patent  that  covers  technology  involving 
renaming  URLs  to  join  a  CDN  host  name  to 
a  domain  name  and  path  to  direct  content 
requests  to  edge  caching  servers. 

Digital  Island  fired  back  with  a  lawsuit, 


accusing  Akamai  of  infringing  on  its  patent 
that  covers  ways  to  track  data  to  ensure  the 
freshest  information  is  delivered  to  Web 
sites  and  that  duplicate  information  is  not 
stored  in  its  caches. 

A  little  more  than  a  year  later,  in 
December  2001,  a  federal  jury  found  that 
Akamai  was  not  infringing  on  Digital 
Island’s  patent,  but  that  Digital  Island  was  in 
violation  with  its  Footprint  service.  Digital 
Island,  which  had  been  acquired  by  Cable 
&  Wireless  the  year  before,  contended  it  no 
longer  used  the  technology  in  question. 

But  then  the  requests  for  injunctions  start¬ 
ed  to  fly  Akamai  filed  for  an  injunction  to 
shut  down  the  Footprint  service,  and  a  fed¬ 
eral  judge  granted  that  injunction  in 
August.  C&W  claimed  the  injunction  has 
no  bearing  because  the  technology  is  not 
in  use  in  a  service  currently  available. 

At  the  same  time,  C&W  targeted  Akamai 
with  two  lawsuits.  The  first  stems  from  a 
newly  issued  patent  that  C&W  received 
that  covers  ways  to  ensure  only  the  freshest 
information  is  served  to  Web  sites  and  that 
information  is  not  duplicated  on  the  CDN. 
Akamai  says  the  technology  is  the  same 
that  it  was  cleared  of  violating  in  the  jury 
ruling  last  year. 

The  second  C&W  lawsuit  involves  an 
optimal  routing  technology  that  covers 
Host-to-Host  Adaptive  Routing  Protocol.  In 

See  Lawsuits,  page  32 


GDN  soap  opera 

The  once  high-flying CDNs  are  mired  in  courtroom  battles.  Here’sthe  history: 


September 

•  Akamai  sues  Digital 
Island,  claiming  patent 
infringement. 

•  Digital  Island  sues 
Akamai  over  patent. 


December 

Jury  finds  Akamai  did  not 
infringe  on  Digital  Island's 
patent,  but  that  Digital 
Island's  Foot-print  service 
infringed  on  an  Akamai 
patent.  - 


January 

Akamai  files  for  injunc¬ 
tion  to  shut  down  Digital 
Island's  service. 


February 

Akamai  sues  Speedera 
over  patent;  accuses 
CDN  of  “false  and 
misleading  statements.” 


June  25,  2002 

Akamai  sues  Speedera, 
accusing  it  of  hacking  into 
customer  database. 
Speedera  sues  Akamai  for 
unfair  competition,  false 
advertising. 
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July  16  1 

Cable  &  Wireless,  which 
owns  Digital  Island,  sues 
Akamai  over  patent. 


Aug.  8 

C&W  sues  Akamai  and  affiliate  SockEye  Networks,  - 
claiming  second  infringement. 

Aug.  23 

Judge  issues  injunction  against  Digital  Island's  Footprint 
service.  C&W  says  it  no  longer  uses  the  technology. 

Aug.  28 

C&W  seeks  injunction  to  shut  down  Akamai's  EdgeSuite 
service  over  patent. 


Oct.  9 

C&W  asks  court  to  for¬ 
bid  Akamai  from  selling 
EdgeSuite,  claiming 
violates  patent. 
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How  do  you  know  a  technology  has 
caught  fire?  I  look  for  three  things: 
ongoing  technical  development;  a 
focus  on  making  the  technology  easy  to 
deploy, configure  and  manage;  and  the  real 
indicator  —  paying  customers. 

By  all  three  standards.  Multi-protocol 
Label  Switching  finally  has  it,  as  demon¬ 
strated  strikingly  at  the  recent  MPLScon 
conference  in  Denver.  Presenters  includ¬ 
ed  some  of  the  technology’s  lead  creators: 
Yakov  Rekhter,  who  co-developed  Border 
Gateway  Protocol  (BGP)  and  MPLS;  Luca 
Martini,  who  developed  the  eponymous 
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MPLS  shows  signs  of  really  taking  flight 


specifications  for  transporting  Layer  2  pro¬ 
tocols  across  MPLS;  and  Bruce  Davie,  who 
in  addition  to  his  work  on  MPLS  has  writ¬ 
ten  the  clearest  and  most  comprehensive 
book  about  networking  technologies  I’ve 
read,  Computer  Networks:  A  Systems 
Approach. 

Each  of  these  presenters  —  and  a  host 
of  others  —  discussed  ongoing  develop¬ 
ments  in  the  area  of  MPLS  technology. 
One  thing  that  struck  me  was  the  degree 
of  friendly  cooperation  across  a  slew  of 
ostensibly  competitive  vendors. Sure,  there 
was  sparring  between  engineers  from 
Cisco  and  Juniper  Networks  over  the  issue 
of  whether  BGP  or  Label  Distribution 
Protocol  is  the  best  way  to  exchange  VPN 
information.  But  that  falls  into  the  area  of 
healthy  debate.  The  bigger  picture  was 
that  both  major  and  up-and-coming  ven¬ 
dors  are  committed  firmly  to  advancing 
this  technology. 


That’s  not  unusual;  vendors  are  typically 
the  biggest  boosters  of  any  new  technol¬ 
ogy  What  was  more  of  a  surprise  was  the 
focus  on  service  issues.  As  noted  before  in 
this  column, MPLS  is  a  technology, not  a  ser¬ 
vice.  The  difference?  Providers  can  cost- 
effectively  deploy,  configure,  secure  and 
manage  a  service. 

At  MPLScon,  several  major  service 
providers,  including  heavyweights  AT&T 
and  British  Telecom,  weighed  in  on  what 
they’ve  learned  from  early  deployments  of 
the  technology  —  and  vendors  took  care¬ 
ful  notes.  In  some  cases,  the  vendors  even 
drove  the  discussion  toward  service-orient¬ 
ed  issues:  Monique  Morrow,  CTO  consult¬ 
ing  engineer  at  Cisco,  emphatically  steered 
a  security  panel  toward  the  development 
of  a  set  of  MPLS  VPN  “best  practices”  for 
companies  and  service  providers.!  chaired 
that  panel,  and  you’ll  be  seeing  the  results 
of  the  security  best  practices  discussion  in 


an  upcoming  column. 

Another  surprise  was  uncovering  the  rel¬ 
atively  large  size  of  the  customer  popula¬ 
tion.  Service  providers  reported  several 
thousand  enterprise  users  of  their  MPLS- 
based  services.  Add  that  to  the  number  of 
companies  I’ve  spoken  to  that  are  consid¬ 
ering  private-network  deployment  of 
MPLS,  and  you  start  to  recognize  this  tech¬ 
nology  has  taken  off. 

So  many  companies  are  interested  in 
MPLS  that  Burton  Group,  which  organizes 
MPLScon,  is  considering  hosting  the  next 
conference  in  New  York  to  make  it  easier 
for  companies  to  attend.  If  you  like  the 
idea,  please  let  them  know  at  www 
.mplscon.com. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  a  technology 
research  firm.  She  can  be  reached  at 
johna@nemertes.  com. 
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Lawsuits 

continued  from  page  31 

both  cases,  C&W  is  seeking  in¬ 
junctions  to  shut  down  Akamai’s 
EdgeSuite  service  until  Akamai 
removes  technology  that  C&W 
claims  violates  its  patents. 

Meanwhile,  Akamai  has  taken 
aim  at  Speedera,  accusing  it  of 
patent  infringement,  and  of  unfair 
competition. In  addition, Akamai 
claims  that  Speedera  illegally 
hacked  into  a  database  to  get  at 
performance  information  re¬ 
garding  customers  and  pros¬ 
pects.  Speedera  denies  any 
wrongdoing  and  fired  back  with 
a  lawsuit  accusing  Akamai  of 
unfair  competition. 

“When  you  put  the  customer 
in  the  situation  of  having  to  sort 
through  all  the  PR  bluster  and 
then  sort  out  what  the  real  issues 
are  and  whether  they  affect 
them,  that  just  puts  an  awful  big 
burden  on  the  customer.  We  don’t 
think  that  is  something  that  is  in 
the  best  interest  of  the  industry” 
Batchelder  says. 

Gartner  is  advising  customers  in 
some  cases  to  use  their  own 
patent  attorneys  to  sort  out  the 
mess  before  signing  contracts.  In 
addition,  customers  should  be 
sure  contracts  give  them  an  out  if 
a  specific  service  is  enjoined. 

Even  the  CDN  vendors  recog¬ 
nize  the  risks  to  the  industry  asso¬ 
ciated  with  their  legal  fights. 

“Overall  it’s  having  a  negative 
effect  on  the  market  in  that  peo¬ 
ple  are  confused  by  the  mes¬ 
sages,”  says  Ted  Middleton,  direc¬ 
tor  of  content  delivery  at  C&W 
“There  is  some  apprehension, 
but  1  don't  think  people  are 
deferring  their  decisions  to 
invest  in  CDN  technology 


because  there  is  a  legal  question 
hanging  out  there.  The  other 
thing  is  there  is  no  safe  harbor 
that’s  not  involved  in  litigation.” 

Customers  noted  that  it’s  not 
tough  to  shift  between  CDN  pro¬ 
viders,  because  the  services  are 
so  similar.  Also,  one  Speedera  cus¬ 
tomer,  who  asked  not  to  be 
named,  says  it  would  be  easy  to 
bring  his  content  back  in-house. 


Rob  Batchelder 

Research  director  at  Gartner 

“We’ve  stayed  away  from  vendor 
lock-in,”  he  says.  “We  name  our 
DNS  to  our  CDN  provider,  so  if 
there’s  an  issue  with  the  company, 
we  can  change  the  DNS  and  serve 
content  from  our  servers.” 

Nevertheless,  Batchelder  and 
other  analysts  say  the  infighting  is 
casting  a  pall  over  a  market  that 
has  failed  to  reach  the  dizzying 
heights  expected  during  the  dot¬ 
com  era.  Akamai's  stock,  for  exam¬ 
ple,  which  traded  at  $300  in 
December  1999,  now  is  priced  at 
less  than  $1.  Not  that  the  market 
doesn’t  have  potential,  or  room 
for  multiple  players,  analysts  say 
IDC  pegged  the  market  at  just 
more  than  $288  million  in  2001 
and  expects  it  to  climb  to  a  little 
more  than  $2  billion  in  2006. 

The  legal  fighting,  however,  if  it 
drags  out  too  long,  could  over¬ 
shadow  positive  steps  within  the 


market.  Just  this  past  summer,  for 
example,  Speedera  and  C&W 
claimed  that  their  CDN  busi¬ 
nesses  reached  profitability 
Akamai  recently  announced  an 
expanded  relationship  with  AOL 
and  will  place  its  edge  servers  in 
the  AOL  backbone. 

“When  I  look  at  the  CDN  indus¬ 
try  there  is  absolutely  no  doubt  in 
my  mind  that  this  is  an  immense¬ 


ly  valuable  technology  and  that 
this  industry  isn’t  going  to  go 
away  But  it  has  to  restrain  itself 
from  its  self-destructive  tenden¬ 
cies,”  Batchelder  says.  “Strateg¬ 
ically,  it’s  a  stupid  thing.  You  don’t 
want  to  wave  people  off  an  indus¬ 
try  you’re  trying  to  grow,  and  this 
will  give  people  pause.”  ■ 
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Get  the  background  on  content  delivery 
networks,  as  well  as  breaking  GDN-related 
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■  BY  MICHAEL  MARTIN 

Sprint  recently  launched  a  man¬ 
aged  IP  telephony  service 
designed  to  let  customers  transi¬ 
tion  to  voice  over  IP  without  hav¬ 
ing  to  worry  about  maintaining 
high  network  quality-of-service 
levels  over  their  corporate  LANs 
or  WANs. 

Vendors  tout  VoIP  as  a  way  for 
companies  to  save  on  infrastruc¬ 
ture  costs  by  paring  their  separate 
voice  and  data  networks  into  one 
unified  network. 

Called  Sprint  Internet  Protocol 
Telephony  Services,  the  offering 
lets  customers  outsource  their 
networks  —  end  to  end  —  to 
Sprint. The  services  include  man¬ 
agement,  monitoring,  mainte¬ 
nance  and  any  necessary  cus¬ 
tomer  premises  equipment  to 
voice-enable  a  data  network. 

Sprint’s  partner  in  its  VoIP  foray 
is  Cisco.  Sprint  will  use  Cisco’s 
voice-enabled  Architecture  for 
Voice,  Video  and  Integrated  Data 
(AWID)  equipment  to  build  con¬ 
verged  customer  networks. 

Once  Sprint  and  Cisco  have  in¬ 
stalled  customer  premise  equip¬ 
ment,  Sprint  will  manage  the  LAN 
and  WAN  portions  of  the  cus¬ 
tomer’s  network  through  Sprint 
Managed  Network  Services.  Con¬ 
nections  between  customer  sites 
will  be  over  Sprint’s  IP  network. 

Sprint  is  combining  its  man¬ 
aged  IP  telephony  service  with 
its  IP  Class  of  Service  offering, 
which  Sprint  rolled  out  earlier 


Giving  voice  to  IP 

Sprint’s  IP  telephony 
services  include: 

•  End-to-end  management 
of  customer  networks. 

•  A  partnership  with 
Cisco,  using  Cisco's 
AVVID  VoIP  gear. 

•  Quality  of  service  through 
Sprint's  IP  Class  of 
Service  offering. 

this  month. 

IP  Class  of  Service  lets  cus¬ 
tomers  use  as  many  as  four  traffic 
queues  between  Sprint’s  points  of 
presence  and  the  edge  of  the  cus¬ 
tomer  network.This  lets  users  pri¬ 
oritize  their  voice  traffic  and 
video  traffic.  Once  the  traffic  hits 
the  WAN,  Sprint  officials  say  no 
queues  or  prioritization  are  nec¬ 
essary  because  Sprint’s  IP  back¬ 
bone  has  inherently  good  QoS. 

A  variety  of  carriers  have  leapt 
into  the  managed  IP  voice  market 
recently.  Verizon  announced  a 
managed  IP  voice  service  that 
involves  Verizon  monitoring  and 
managing  Cisco  AWID  equip¬ 
ment  on  customer  premises,  as 
well  as  monitoring  and  managing 
WAN  VoIP  traffic. 

Two  weeks  ago  WorldCom 
rolled  out  the  WorldCom  Con¬ 
nection  Service,  which  lets  cus¬ 
tomers  make  long-distance  and 
local  VoIP  calls.  WorldCom  plans 
to  expand  the  service  to  include 
video  over  IP  by  year-end  ■ 


fcl . . .  there  is  absolutely  no  doubt  in  my  mind 
this  is  an  immensely  valuable  technology  and 
that  this  industry  isn't  going  to  go  away.  But  it 
has  to  refrain  itself  from  its  self-destructive 
tendencies.  99 
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AT&T:  The  reorganization  continues. 


AT&T  pegs  future  hopes  on  business  division 


■  BY  DENISE  PAPPALARDO 

The  face  of  AT&T  is  changing  . . .  most  observers  say 
for  the  better. 

The  company  is  on  the  verge  of  divesting  its  debt- 
ridden  cable  division  and  is  putting  its  future  in  the 
hands  of  a  business  services  division  that  has  its  own 
problems  but  shows  signs  of  life. 

AT&T  is  living  through  falling  revenues  quarter-over¬ 
quarter,  as  is  its  division  AT&T  Business,  which  offers 
enterprise  users  voice  and  data  services.  Nevertheless, 
you’ll  still  hear  “its  a  good  time  to  be  at  AT&T’ from  exec¬ 
utives  such  as  Bill  Archer,  vice  president  of  sales. 

An  initial  glance  at  the  company’s  financials  might  call 
into  question  that  optimism.  AT&T  is  carrying  $30.7  billion 
in  debt  and  posted  a  6.2%  decline  in  revenue  in  the  sec¬ 
ond  quarter  of  this  year  compared  to  the  same  quarter 
the  year  before.  And  if  you  look  specifically  at  AT&T 
Business, you’ll  see  a  3.8%  decline  in  revenue  during  the 
same  period. 

AT&T  attributes  the  declines  to  tight  voice  profit  mar¬ 
gins  and  the  slowed  economy.  But  the  company  says  it’s 
seeing  growth  where  it  counts:  with  its  data,  ipWeb  host¬ 
ing  and  managed  service  offerings.The  company  says  IP 
services  including  VPN  and  Web  hosting  increased  by 
26%  from  the  second  quarter  of  2001  to  the  same  quar¬ 
ter  this  year. 

AT&T  executives  are  optimistic  about  those  results,  but 
know  that  the  company’s  future  depends  on  the  success 
of  major  structural  changes  that  are  still  in  the  works.The 
first  major  change  is  that  AT&T  Broadband’s  merger  with 
Comcast  is  expected  to  close  this  quarter. The  cable  divi¬ 
sion  is  a  drag  on  the  rest  of  AT&T  because  of  its  huge 
debt  load.The  parent  company  is 
expected  to  cut  its  debt  in  half 
once  the  deal  is  final,  says  Scott 
Shiftman,  a  financial  analyst  at 
Lehman  Brothers. 

AT&T  also  is  in  the  process  of 
building  revenue  in  a  changing 
competitive  landscape.  AT&T 
(which  will  report  its  third-quarter 
earnings  this  week)  and  Sprint, 
the  carrier’s  closest  competitor 
that's  not  in  the  midst  of  bankrupt¬ 
cy,  are  expected  to  post  higher 
business  service  revenues  as  a 
result  of  WorldCom  customers 
jumping  ship. 

“It  seems  that  both  Sprint  and 
AT&T  are  winning  business  from  WorldCom,  but  I  need  to 
see  that  quantified  in  financial  results,  and  we  need  to 
see  if  it’s  a  sustainable  trend,"  he  says. 

AT&T  Business  also  has  worked  internally  to  strengthen 
its  focus  on  customers,  while  streamlining  its  business 
processes, says  Hossein  Eslambolchi.CTO  and  president 
of  AT&T  Labs.  Eslambolchi  says  AT&T  Business  is  invest¬ 
ing  in  four  strategic  areas: 

•  Improving  customer  care,  order  provisioning  and 
billing. 

•  Making  internal  processes  more  efficient. 

•  Growing  and  scaling  network  capacity. 

•  Offering  new  features  and  functionality. 

AT&T  has  been  overhauling  its  front-end  systems,  in¬ 


cluding  its  CRM  and  enterprise  resource  planning  (ERP) 
systems.“We’ve  realized  that  a  strong  broadband  infra¬ 
structure  is  a  necessary  condition  to  succeed,  but  it’s  not 
sufficient,”  Eslambolchi  says.“We  have  to  have  more  brain 
power  in  the  network  where  we  connect  to  customers.” 

By  improving  its  internal  processes  AT&T  says  it  has 
reduced  the  number  of  days  it  takes  to  provision  its  ser¬ 
vices.  For  instance,  it  typically  took  45  days  to  provision  a 
frame  relay  customer;  now  it  takes  31  days,  he  says. 
Customers  looking  for  a  T-l  typically  waited  1 10  days  for 
that  line  to  be  provisioned;  now  it  takes  61  days. 

“These  are  improvements  in  terms  of  revenue  and  cus¬ 
tomer  satisfaction,”  Eslambolchi  says. 

The  carrier  also  is  moving  toward  using  its  integrated 
Global  Enterprise  Management  System  (iGEMS)  for  all  of 
its  services,  including  Web  hosting  and  frame  relay  IGEMS 
is  AT&T’s  homegrown  network  management  platform  that 
it  has  used  exclusively  to  support  its  AT&T  Solutions’  cus¬ 
tom-managed  service  customers.This  platform  will  be 
used  for  AT&T  data  customers  to  simplify  support  for  us¬ 
ers  with  hybrid  networks,  which  are  more  common  today 

“There  is  a  big  change  in  our  approach.  We  are  trying  to 
move  away  from  technology  silos  as  a  way  to  talk  to  cus¬ 
tomers,  to  instead  talking  about  what  problem  the  cus¬ 
tomer  is  trying  to  solve,”  Eslambolchi  says. 

The  carrier  says  it  is  in  the  process  of  moving  to  an  all- 
optical  network. While  he  would  not  commit  to  a  time 
frame,  Eslambolchi  says  AT&T  will  have  1,000  intelligent 
optical  switches  deployed  by  year-end.The  all-optical  net¬ 
work  will  let  the  carrier  more  efficiently  support  customer 
traffic  and  merge  various  backbones  such  as  frame  relay 
and  IP  for  customers  with  hybrid  networks. 

“We’re  focusing  significantly  on  managed  data  and 
hosting  services  where  there’s  a 
huge  growth  opportunity?’ 
Eslambolchi  says. 

However,  managed  services  are 
typically  a  hard  sell  for  most  carri¬ 
ers  during  economic  downturns, 
says  Lisa  Pierce,  an  analyst  at  Giga 
Information  Group.  Users  tend  to 
steer  clear  of  the  additional  costs 
associated  with  a  carrier  manag¬ 
ing  their  networks,  and  instead 
bring  that  management  in-house, 
she  says. 

Robin  Young,  AT&T  Business’ 
senior  vice  president  of  managed 
services,  says  those  perceived  addi¬ 
tional  costs  are  deceiving. 

“If  you  look  at  what  it  takes  to  do  the  same  functions  in- 
house,  such  as  deploying  new  technologies  and  bringing 
in  new  talent  to  manage  these  technologies,  and  you  con¬ 
sider  total  cost  of  ownership,  managed  services  offer 
more  flexibility?’ she  says. 

Pierce  doesn’t  agree  with  this  explanation. 

“It’s  easier  to  cut  a  budget  in-house  than  it  is  to  termi¬ 
nate  a  contract  with  an  outside  firm,” she  says.“Managed 
services  make  sense  when  your  company  is  growing 
and  when  your  company  can’t  handle  that  growth  inter¬ 
nally”  But  the  reality  is  fewer  companies  are  in  that  posi¬ 
tion,  she  says. 

Yet  AT&T  expects  managed  services  to  continue  to 
grow. Young  says  AT&T  doubled  its  managed  frame  con¬ 


AT&T  financial  snapshot 

AT&T  has  seen  revenue  drops  since 
2000  primarily  due  because  of  the 
company’s  slowing  voice  business. 

AT&T  second  quarter  revenue  in  billions. 


nections  in  the  past  year,  which  includes  global  IP 
Enabled  Frame  Relay  service  lines,  she  says.“In  reality 
we’ve  seen  20%  year-over-year  growth  in  managed  ser¬ 
vices,”  she  says. 

While  AT&T  Business  is  planning  changes  to  streamline 
its  business  operations  and  offer  users  network  efficien¬ 
cies,  AT&T’s  sales  department  also  has  been  busy  making 
changes.  In  the  past  two  years  the  company  has  been  try¬ 
ing  to  move  in  sales  people  with  IP  and  data  experience 
while  phasing  out  legacy  service  sales  experts,  AT&T’s 
Archer  says. 

“There  is  a  strong  bias  toward  delivering  results  and  sat¬ 
isfying  consumers  with  clear  metrics  associated  with  per¬ 
formance  management,”  Archer  says. 

In  the  past  year,  AT&T  has  brought  in  700  new  sales 
associates,  but  it  hasn’t  increased  its  salesforce. These  are 
experts  in  complex  data  networks,  Archer  says. 

“The  customer  population  is  evaluating  the  current  state 
of  the  industry  and  are  concerned  about  the  stability  of 
several  providers,  he  says.“ln  response  to  that,  there  is  a 
genuine  flight  to  quality  occurring,  and  that’s  creating  a 
significant  amount  of  opportunity  and  activity  for  us." 

AT&T  is  looking  at  1,000  new  pieces  of  business  that 
range  from  existing  customers  adding  circuits  to  new  cus¬ 
tomers  looking  at  major  network  transitions,  Archer  says. 

But  it’s  hardly  a  “slam  dunk”  for  the  carrier.  New  busi¬ 
ness  coming  from  failing  service  providers  will  bring  in 
only  so  much  new  revenue.  AT&T  needs  to  slow  the  ero¬ 
sion  within  AT&T  Consumer  and  drive  up  market  share 
growth  within  AT&T  Business,  Lehman  Brothers’ 

Shiffman  says. 

That  strategy  can  only  be  proven  over  the  long  haul,  he 
says.  ■ 


Reading  someone  else's 
copy  of  Network  World? 

Apply  for  your  own 
Free  subscription  today. 


jnttrcp  pm<«w  Vtn  Signs  wew  — 


Put  to  the  test 


IP  telephony  talk 
zeroes  in  on  SIP 


Free  subscription 

(51  Issues) 

To  apply  online  go  to 

subscribenw.com/b02 


subscribenw.com/  b02 

Apply  for  your 

free 

subscription  today! 

(A  $255  value  ■  yours  free) 


A  ■  etwork  Security  Perimeters 
(NSPs)  have  become 
necessary  as  a  result  of  our 
increasing  dependency  on  electronic 
communications  via  the  Internet. 
In  this  latest  SPECIAL  REPORT  - 
exclusively  from  Network  World 
Fusion  -  well-known  IP  networking 
specialist  Chris  Ellis  covers  the  issues 
of  NSP  design,  performance  and 
scalability.  Take  advantage  of  this 
free  offer  from  Network  World  Fusion 
and  secure  your  copy  of  the  SPECIAL 
REPORT:  Network  Security  Perimeters 
in  PDF  format  today. 


Chris  Ellis  is  an  IP  networking 
specialist  who  has  spent  most  of 
his  career  as  a 
consultant  analyzing, 
designing  and  deploying 
IP  networks.  His  career 
over  twenty  one 
years  has  seen  a 
particular  focus  on  the  engineering  of 
secure  IP  networks  as  well  as  next 
generation  networks  that  offer 
quality  of  service,  high  performance 
and  high  availability. 
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Managed  switches  you  can  count  on  to  do  more  than  just  save  money.  Just 

what  you'd  expect  from  Dell,  proven  technology  that  cuts  costs.  So  whether  you're 
building  your  first  network  or  expanding  your  existing  one,  Dell  PowerConnect 
managed  switches  can  handle  your  busy  organization  and  help  you  save  money. 
Equipped  with  the  latest  industry-standard  technology,  PowerConnect  switches  are 
highly  interoperable  and  easily  integrate  into  an  existing  network.  They're  scalable 
for  future  growth  and  have  easy-to-use  management  features  to  help  you  improve 
network  up  time  and  security.  PowerConnect  switches  include  Next  Business  Day“ 
Unit  Replacement  and,  of  course,  they're  all  backed  with  Dell's  service  and  support. 
Choosing  Dell  PowerConnect  switches  means  you  won’t  have  to  sacrifice  performance 
for  price.  And  that's  a  concept  you'll  definitely  want  to  plug  into. 
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■  SERVICE  PROVIDER  DEVELOPMENTS 

AT  THE  JUNCTURE  BETWEEN  THE  ENTERPRISE 
AND  THE  NEW  PUBLIC  NETWORK 


Session  control  paves  way  for  IP  voice 

Technology  addresses  a  variety  of  problems  without  disrupting  current  gear. 


■  BY  TIM  GREENE 

Technology  to  smooth  the  transition 
between  traditional  and  IP  voice  services  is 
becoming  available  for  carriers  looking  to 
benefit  from  converged  networks  that  can 


■  The  MPLS  Forum  announced  the 

approval  of  an  MPLS  permanent 
virtual  circuit  User-to-Network 
Interface  implementation  agree¬ 
ment  The  MPLS  PVC  UNI  will  extend 
MPLS  beyond  its  traditional  use  in  the 
core  of  an  IP  network  out  to  the  cus¬ 
tomer  edge,  the  forum  says.  The 
MPLS  PVC  UNI  provides  an  industry 
standard  interface  to  a  public  net¬ 
work  offering  services  via  provisioned 
MPLS  Label  Switched  Path  connec¬ 
tions.  The  MPLS  PVC  UNI  uses  exist¬ 
ing  protocols  as  a  signaling  basis  and 
enhances  them  to  provide  quality-of- 
service  characteristics,  the  forum 
says. The  MPLS  PVC  UNI  also 
includes  a  Layer  3  VPN  “annex”  to 
provide  public  access  to  RFC  2547 
VPN  services  using  provisioned  LSPs. 

The  MPLS  PVC  UNI  builds  on  the 
frame  relay  and  ATM  PVC  UNIs,  and 
enables  static  or  automatic  configu¬ 
ration  of  subscriber  equipment  from 
the  provider  network.  The  MPLS 
Forum  is  continuing  work  on  mecha¬ 
nisms  for  additional  services  to  be 
offered  over  the  UNI. 

■  Multiservice  switch  vendor 
Vivace  Networks  announced  the 
expansion  of  its  operations  in  the 
U.S.  and  overseas. 

Vivace  says  it  will  increase  head 
count  in  its  sales,  business  develop¬ 
ment  and  customer  support  depart¬ 
ments  domestically  and  open  new 
offices  in  Europe  and  Asia  during  the 
fourth  quarter.  The  expansion  is 
based  on  current  global  demand  for 
its  multiservice  switch  product  line, 
Vivace  says.  The  company  is  fully 
funded  through  2003. 


Control  IP  sessions 


Session  controllers  sit  between  IP  networks  and 
smooth  the  flow  of  voice-over-IP  traffic  in  three  ways 


O  They  keep  sessions  alive  so  incoming  phone  calls  can  get  through  firewalls. 


©  They  clear  up  address  discrepancies  created  when  packets  from  LAN  private 
address  space  cross  a  firewall. 

©  They  map  service  quality  markers  from  companies  to  the  markers  that  service 
providers  use. 


handle  voice,  video  and  data  traffic. 

Called  session  controllers,  these 
stand-alone  devices  help  over¬ 
come  some  knotty  problems  fac¬ 
ing  voice  traffic  as  it  moves 
between  IP  networks,  such  as 
between  corporate  LANs  and  ser¬ 
vice  providers’  networks. 

“Service  controllers  regulate 
bandwidth  and  keep  service-level 
agreements  and  quality  of  service 
intact  so  customers  can  reap  the 
benefits  of  IP  networks,”  says  Mark 
Bieberich,  a  senior  analyst  with 
The  Yankee  Group.  Key  vendors  in 
this  relatively  new  area  include 
Acme  Packets,  Jasomi,  Kagoor, 

Netrake  and  NexTone,  he  says. 

These  processor-intensive  devices 
peer  into  packets  to  analyze  and 
alter  them,  if  necessary  so  payloads 
make  their  way  across  network 
boundaries  intact.  Acme  Packets,  Netrake 
and  NexTone  are  focused  on  service 
providers,  while  the  others  offer  gear  for 
both  providers  and  businesses,  Bieberich 
says.  NetRake  touts  its  custom  processors, 


while  NexTone  promotes  its  use  of  gener¬ 
ally  available  processors  that  keep  costs 
down,  Bieberich  says. 

The  major  problem  that  session  con¬ 
trollers  overcome  is  how  incoming  calls  get 


through  firewalls,  which  are 
designed  to  keep  out  inbound 
traffic  unless  it  was  solicited  or 
headed  for  a  firewall  port  that 
accepts  all  traffic  of  a  certain  type. 
Incoming  calls  would  be  rejected 
because  they  do  not  come  through 
ports  that  are  usually  open  and  are 
not  in  response  to  outgoing  traffic, 
as  is  their  nature. 

The  benefit  of  these  devices  is 
that  they  do  all  the  needed  work 
without  upgrading  or  reconfigur¬ 
ing  firewalls. 

Typically  session-control  equip¬ 
ment  sits  outside  the  firewall 
either  connected  to  a  business 
LAN  or  in  a  service  provider  net¬ 
work.  When  users  are  setting  up 
their  IP  phones  and  IP  PBXs,  they 
configure  them  to  announce 
themselves  on  the  network  to  the 
controller  device.  After  that,  they  keep  a 
session  alive  so  the  control  appliance  has  a 
hole  through  which  to  initiate  inbound 
phone  sessions. 

See  Session  control,  page  40 


WaveSmith  lands  Ciena  for  funding 


■  BY  JIM  DUFFY 

ACTON,  MASS.  —  Multiservice  edge 
switch  maker  WaveSmith  Networks  has 
landed  $30  million  in  new  funding,  includ¬ 
ing  $5  million  from  a  major  vendor  — 
Ciena  —  that  will  help  bring  the  start-up’s 
switches  to  market. 

Lead  investors  in  WaveSmith’s  $30  mil¬ 
lion  third  round  include  first-  and  second- 
round  participants  Atlas  Venture,  Bes¬ 
semer  Venture  Partners,  Commonwealth 
Capital  and  Fidelity  Ventures.Argonaut  Pri¬ 
vate  Equity  joins  Ciena  as  a  new  investor 
in  WaveSmith. 

The  third  round  makes  WaveSmith  cash¬ 
flow  positive  and  would  take  the  company 
into  2004  even  without  revenue.  But  Wave- 
Smith  already  is  taking  revenue  and  three 
of  its  customers  are  Vanion,  Ben  Lomand 
Telephone  and  Global  NAPs. 

WaveSmith  has  raised  $84.5  million  since 
its  founding  in  March  2000. 

Ciena  will  sell,  service  and  support  Wave- 
Smith’s  Distributed  Node  switches  on  a 


worldwide  basis  to  Tier  1  carriers.The  deal 
is  significant  to  WaveSmith  because  it  pro¬ 
vides  a  global  channel  into  large  carrier 
accounts  —  customers  who  are  reluctant  to 
deal  with  start-ups  because  of  their  lack  of 
revenue,  unproven  technology  and  lack  of 
service  and  support  infrastructure. 

But  it’s  perhaps  equally  significant  for 
Ciena.  It  gives  the  vendor  of  metropolitan 
and  long-haul  optical  gear  a  new  rev¬ 
enue  stream  when  sales  of  optical  trans¬ 
port  and  switching  systems  are  taking  the 
brunt  of  the  downturn  on  carrier  capital 
spending. 

Ciena  signed  a  similar  agreement,  un¬ 
derscored  with  a  $5  million  investment, 
with  multiservice  core  switch  start-up 
Equipe  Communications  earlier  this  year. 
Ciena  now  can  sell  Layer  2  multiservice 
edge  and  core  switches  —  of  which  there 
are  now  lucrative  requests  for  proposal 
out  —  to  Tier  1  carriers  as  adjuncts  to  its 
optical  systems. 

Ciena  evaluated  multiservice  edge 
switches  from  Gotham  Networks  earlier 


this  year.  What  put  WaveSmith  over  the  top, 
sources  say  was  its  strong  showing  in 
regional  Bell  operating  company  trials 
at  SBC  Communications  and  Verizon. 
Sources  say  WaveSmith  is  close  to  receiving 
a  contract  from  SBC  for  a  multiservice  edge 
buildout  valued  in  the  tens  of  millions  of 
dollars.  WaveSmith  declined  to  comment; 
SBC  did  not  respond  by  press  time. 

At  Verizon,  WaveSmith  is  a  finalist  for  the 
RBOC’s  $  100-million-plus  Fast  Packet  CAS 
frame  relay  buildout,  sources  say.  The  con¬ 
tract  announcement  date  is  unknown  (see 
www.nwfusion.com,  DocFinder:  2732). 

WaveSmith  and  Verizon  declined  com¬ 
ment  about  that  possibility  ■ 

More  online! 

WaveSmith  isn't  the  only' 
start-up  to  sell  a  piece  of 
itself  to  a  larger  vendor  to 
survive.  See  how  others 
are  making  the  same  move. 
DocFinder:  2739 
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Make  every  step  count  for  more. 


Nokia  security  appliances  simplify  network  security. 

Pre-installed,  pre-configured  and  ready  to  go. 

Whether  they’re  being  used  for  VPNs,  firewalls,  intrusion  protection,  or  Internet 
traffic  management,  Nokia  appliances  are  delivered  ready  for  implementation. 
They’re  compatible  with  any  IP  network.  Often,  the  only  on-site  requirements 
are  powering  up  the  appliance,  connecting  it  to  the  network,  and  entering  the 
correct  IP  address. 

Nokia  security  appliances  are  designed  for  full  remote  management. 

Easy-to-use  GUI-based  interfaces  offer  a  full  overview  of  security  deployment,  or 
a  drill-down  to  the  details,  anytime.  Deep  collaboration  with  partners  like  Check 
Point  Software  Technologies,  Internet  Security  Systems  and  F5  helps  coordinate 
all  the  capabilities  of  their  applications.  So  our  customers  can  respond  to  internal 
and  external  threats,  by  upgrading  or  redeploying  their  equipment,  quickly  and 
more  easily  than  ever  before. 

First  Call-Final  Resolution  support  eliminates  the  usual  finger-pointing. 

Its  another  way  that  our  ongoing  partnerships  give  our  customers  greater  peace  of  mind. 
To  download  case  studies,  details  and  more,  just  visit  www.nokia.com/ipsecurity/na. 
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MPLS  feature  becoming  SONET  alternative 


Three’s  a  trend 

MPLS  Fast  Reroute  is  taking  center  stage  via  recent  announcements  from  three  vendors. 


■  BY  JIM  DUFFY 

The  Multi-protocol  Label 
Switching  standard  is  coming 
into  vogue  as  a  way  to  provide 
SONET-like  resiliency  in  packet 
networks. 

Created  five  years  ago  to  pro¬ 
vide  more  deterministic  behavior 
in  IP  networks,  MPLS  has  taken  on 
multiple  roles  with  its  myriad  uses 
in  networks.  It’s  touted  as  a  way  to 
consolidate  ATM,  frame  relay  and 
IP  networks,  deliver  VPN  services, 
guarantee  quality  of  service 
(QoS)  and  route  around  failures. 

It’s  this  last  aspect  that’s  garner¬ 
ing  the  most  attention  recently. 
Three  vendors  have  announced 
enhancements  to  their  MPLS  soft¬ 
ware  offerings  designed  to  har¬ 
ness  the  standard’s  Fast  Reroute 
capability  to  enable  recovery  of 
IP  and  Ethernet  link  failures  in 
milliseconds. 

MPLS  Fast  Reroute  is  designed 
to  provide  protection  from  link 
and  node  failures.  But  Riverstone 
Networks,  Atrica  and  Cisco  are 
enhancing  the  Fast  Reroute  in 
their  individual  products  to  pro¬ 
vide  IP  and  Ethernet  resiliency 
that  equals  or  surpasses  that  of 
SONET,  which  is  50  msec. 

“MPLS  Fast  Reroute  provides 
service  providers  with  something 


Riverstone: 

MPLS  Fast  Reroute  for 
SONET-like  resiliency  in 
IP  networks. 

Designed  to  assure 
service  levels  forVPNs. 

Lets  routers  divert  traffic 
around  points  of  failure  in 
tens  of  milliseconds. 


that’s  always  been  available  in  the 
voice  world, ’’says  Mark  Bieberich, 
and  analyst  with  The  Yankee 
Group.  “Something  equivalent  in 
the  IP  world  has  always  been 
something  that  has  eluded  IP  net¬ 
work  managers  and  something 
that’s  contributed  to  the  unpre¬ 
dictability  and  the  instability  of  IP 
networks.  It’s  part  of  a  larger  equa¬ 
tion  that  will  advance  the  state  of 
IP  such  that  service  providers  will 
want  to  start  putting  mission-criti¬ 
cal  traffic  on  their  IP  backbones, 
roll  out  services  with  stricter  [ser¬ 
vice-level  agreements]  and  that 
contribute  to  higher  margins.” 

Riverstone  last  week  unveiled 
its  version  of  MPLS  Fast  Reroute 


Atrica: 

MPLS  Fast  Reroute  for  50 
msec  link  restoration  in  A- 
8800  and  A-8100  optical 
Ethernet  switches. 

Helps  enable  “hard"  QoS 
guarantees  on  MPLS  Label 
Switched  Paths. 

Contract  with  FranceTelecom. 

for  its  metropolitan-area  network 
routers.  In  addition  to  providing 
SONET-like  resiliency  to  IP  net¬ 
works,  Riverstone’s  software  is 
intended  to  enable  service  deliv¬ 
ery  guarantees. 

Riverstone’s  Fast  Reroute  tech¬ 
nology  lets  routers  along  an  MPLS 
path  divert  traffic  around  points  of 
failure  in  tens  of  milliseconds,  the 
company  says.  Riverstone’s  soft¬ 
ware  also  enables  the  creation  of 
secondary  MPLS  paths  to  which 
traffic  is  automatically  transferred 
in  the  event  of  a  network  outage, 
the  company  says. 

Fast  Reroute  is  also  a  recent 
addition  to  start-up  Atrica’s  lineup 
of  optical  Ethernet  switches.  The 


Cisco: 

MPLS  Bandwidth  Protection 
extension  to  IOS  software. 

Intended  to  give  service  providers 
an  alternative  to  SONET/SDH  for 
protecting  bandwidth. 

Uses  MPLS  Traffic  Engineering  Fast 
Reroute  capabilities  and  an  appli¬ 
cation  calledTunnel  Builder  Pro. 


vendor  last  week  announced  a 
win  with  France  Telecom  for 
transparent  LAN,  Ethernet  private 
line  and  Internet  access  services 
that  will  be  anchored  by  Atrica’s 
A-8800,  A-8100  and  A-2100  switch¬ 
es  and  access  gear. 

Atrica’s  MPLS  Fast  Reroute  soft¬ 
ware  will  help  ensure  50  msec 
link  restoration  and  “hard”  QoS 
guarantees  for  MPLS  Label 
Switched  Paths  transporting  those 
services,  says  Nan  Chen,  Atrica 
director  of  product  marketing. 

For  networkwide  resiliency 
Cisco  two  weeks  ago  rolled  out 
MPLS  Bandwidth  Protection,  an 
extension  to  Cisco’s  IOS  routing 
software  that  uses  Fast  Reroute 


with  an  application  called  Tunnel 
Builder  Pro.  MPLS  Bandwidth 
Protection  helps  service  providers 
minimize  or  eliminate  nonpro¬ 
ductive  redundant  circuits  and 
offer  carrier-class  SLAs,  Cisco  says. 

Tunnel  Builder  Pro  computes 
back-up  tunnels  for  bandwidth 
protection.  Another  new  feature 
in  Ciscos  Fast  Reroute  software  is 
support  for  Resource  Reservation 
Protocol  Hello  packets,  which  are 
used  as  a  failure  detection  mech¬ 
anism  for  interfaces  other  than 
packet-over-SONET,  such  as  Fast 
Ethernet  and  Gigabit  Ethernet. 

Despite  the  recent  vendor  activ¬ 
ity  around  MPLS  Fast  Reroute, 
analysts  offer  a  caveat.  Many 
implementations  are  vendor-spe¬ 
cific,  which  means  that  even 
though  MPLS  is  an  emerging  stan¬ 
dard,  vendors  will  interpret  it  as 
befits  their  business  motives. 

“Potential  customers  of  Ether¬ 
net  router  MPLS  technologies 
should  carefully  watch  the  pro¬ 
gress  of  standardization  efforts  to 
ensure  consensus  is  forming 
before  making  any  investments 
that  might  otherwise  become 
stranded  and  should  bear  ex¬ 
pected  timelines  for  finalization 
of  standards  in  mind,”  David  Dun- 
phyan  analyst  at  Current  Analysis, 
said  in  a  recent  report.  ■ 


SBC  expands  Nortel  pact 


■  BY  JIM  DUFFY 

SAN  ANTONIO,  TEXAS  —  Nor¬ 
tel  last  week  said  that  SBC  Com¬ 
munications’  services  affiliate 
will  purchase  an  unspecified 
number  of  Nortel  coarse  wave¬ 
length  division  multiplexers  to 
expand  its  line  of  managed 
wavelength  services. 

SBC  plans  to  use  the  Optera 
Metro  5100  multiplexer  to  offer 
services  such  as  optical  Ethernet 
and  storage  services  throughout 
its  13-state  territory  The  carrier 
signed  a  contract  last  year  to 
install  Nortel’s  higher-end  Optera 
Metro  5200s  to  support  its  Multi- 
Service  Optical  Networking 
(MON)  service.  MON  provides 
companies  with  high-bandwidth 
connections  between  metropoli¬ 
tan-area  sites  for  applications 
such  as  data-center  mirroring. 

MON  service  can  deliver 
speeds  of  up  to  80G  bit/sec  for 
protected  traffic,  where  half  the 


available  bandwidth  is  reserved 
for  failover,  and  160G  bit/sec  for 
unprotected  traffic.  Contracts 
start  at  about  $30,000  per  month 
for  60  months,  according  to  SBC. 

The  Optera  Metro  5100  will  let 
SBC  expand  its  addressable  mar¬ 
ket  beyond  large  companies  to 
midsized  companies,  Nortel 
says.  The  5100  is  designed  for 
smaller  bandwidth  requirements 
that  extend  wavelengths  to  the 
customer  premises. 

The  high-end  5200  is  a  platform 
for  metropolitan  access  and 
interoffice  applications. 

The  5100  is  a  six-slot,  C WDM  ver¬ 
sion  of  the  20-slot  5200  core 
dense  wavelength  division  multi¬ 
plexing  (DWDM)  system  de¬ 
signed  for  branch-office  environ¬ 
ments  and  as  a  link  into  a  5200- 
based  metropolitan  core.  The 
5100  is  optimized  for  access 
rings,  collector  rings  and  point-to- 
point  applications. 

The  5200  takes  wavelengths 


coming  from  the  5100  and  maps 
them  into  different  wavelengths 
on  the  core  ring,  and  also  inter¬ 
connects  core  networks. 

The  5100  and  5200  enable  ser¬ 
vice  provisioning  over  a  shared 
metropolitan  WDM  infrastruc¬ 
ture,  Nortel  says.  Metropolitan 
WDM  is  usually  the  luxury  of 
companies  that  can  afford  private 
or  dedicated  optical  resources. 

Nortel  says  CWDM  will  save 
service  providers  more  than  35% 
per  wavelength  in  power  con¬ 
sumption  and  equipment  costs. 

Nortel  is  the  market  leader  in 
metropolitan  WDM,  grabbing  a 
46.2%  share  of  the  $108.4  million 
market  in  the  second  quarter, 
according  to  Dell’Oro  Group. 
Nortel  says  its  optical  equipment 
carries  more  than  200  petabits  of 
traffic  worldwide  per  day.  As 
recently  as  two  years  ago,  the 
entire  Internet  carried  only  30  to 
40  petabits  per  month, according 
to  Nortel.  ■ 


Session  control 

continued  from  page  37 

These  devices  also  handle 
the  problems  that  firewalls  can 
create  by  translating  the  private 
IP  address  of  an  IP  phone  to  a 
public  IP  address  that  can  be 
recognized  by  routers  in  public 
networks.  This  is  a  necessary 
function  but  does  not  alter  the 
originating  addresses  on  inter¬ 
nal  parts  of  the  packets,  only 
the  external  headers.  When  IP 
phone  gear  parses  these  pack¬ 
ets  and  sees  that  the  headers 
don’t  match,  it  discards  them. 

These  new  devices  fix  that 
discrepancy  for  both  call  sig¬ 
naling  and  media  packets. 
Outbound  and  inbound  calls 
are  directed  to  the  controllers, 
and  they  alter  the  packets  so 
they  won’t  be  rejected  by  other 
devices  and  can  find  their  way 
to  privately  addressed  devices 
hidden  by  firewalls’  public  IP 
addresses. 

Session  controllers  use  back- 
to-back  user  agents  that  termi¬ 
nate  calls  coming  out  of  one 


network,  such  as  a  customer’s 
LAN,  and  establish  the  call 
across  the  next  network  it  must 
traverse,  such  as  a  service  pro¬ 
vider’s  network. 

This  is  particularly  useful  to 
service  providers  that  want  to 
offer  voice-over-1  P  services,  but 
would  be  unable  to  handle 
resetting  each  customer  fire¬ 
wall  or  convincing  customers 
to  buy  new  firewalls  that  can 
handle  VoIP  network  address 
translation. 

Some  vendors  such  as  Jasomi 
support  only  Sessions  Initiation 
Protocol-to-SIP  translations.  Oth¬ 
ers  also  support  network  address 
translation  for  Media  Gateway 
Control  Protocol  and  H.323  pro¬ 
tocols  used  for  packet  voice. 

Yankee  Group’s  Bieberich  says 
that  within  four  years,  the  compa¬ 
nies  selling  session  controllers 
will  consolidate  by  being  bought 
up  by  larger  vendors  of  edge 
routers  or  by  licensing  their  tech¬ 
nology  to  them. 

“A  lot  of  this  technology  could 
be  implemented  on  a  router 
blade,”  he  says.B 
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■  AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


StarFabric  eases  bus  architecture 


HOW  IT  WORKS 


ATM  edge  switch  with  StarFabric 

Without  StarFabric,  each  line  card  would  contain 
its  own  processor,  memory  and  bus.  StarFabric 
lets  switch  designers  centralize  functions  for 
greater  efficiency. 


© 


WAN  uplink  cards 

KSSl 


processing  unit  cards 


LAN  traffic  enters  line  cards.  Traffic 
can  use  existing  bus  technologies 
such  as  PCI,  H.110  or  Utopia. 
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StarFabric  bridge  sends  traffic 
through  the  backplane  to 
centralized  processing  units. 


© 


Traffic  moves  through  the 
backplane  to  WAN  uplinks,  which 
send  traffic  out  onto  the  WAN. 


■  BY  GREG  WHELAN 

StarFabric  is  a  multiprotocol  switched 
interconnect  technology  for  board-to- 
board  and  chassis-to-chassis  connectivity 
that  provides  more  scalability  and  flexibil¬ 
ity  for  designers  of  next-generation  data, 
voice  and  video  equipment  than  parallel 
bus  architectures. 

StarFabric  was  designed  to  support  seven 
traffic  classes,  including  asynchronous, 
isochronous,  multicast  and  high-priority 
provisioning.  In  the  past,  system  designers 
would  have  needed  separate  in-system 
interconnects  for  each  traffic  type. 

A  voice-over-IP  gateway  would  need 
three  independent  buses:  one  for  TDM  traf¬ 
fic,  one  for  packet  traffic  and  one  for  con¬ 
trol  traffic.  With  StarFabric,  each  blade  in 
the  system  would  have  one  or  more  bridge 
devices  on  it,  depending  on  the  traffic 
types  supported. 

These  bridge  devices,  such  as  a  PCI-to- 
StarFabric  bridge  or  an  H.l  10-to-Star- 
Fabric  bridge,  would  then  connect  to  two 
redundant  switch  blades  in  a  dual  point- 
to-point  fashion  over  the  backplane. 

The  PCI  Industrial  Computer  Manu¬ 
facturing  Group  recently  ratified  the 
PICMG  2.17  CompactPCI  StarFabric  Spec¬ 
ification,  which  specifies  how  to  imple- 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
have  one  and  want  to  contribute  it  to  a 
future  issue,  contact  Features  Editor 
Neal  Weinberg  (nweinberg®  nww.com). 


ment  StarFabric. 

StarFabric  provides  a  simple  migration 
path  from  existing  open  platform  archi¬ 
tectures  that  are  based  on  a  parallel  bus 
architecture.lt  is  100%  backward  compat¬ 
ible  with  PCI,  H.l  10  and  Utopia. The  Star- 
Fabric  architecture  supports  2.5G  bit/sec 
point-to-point  links  and  allows  for  the  use 
of  standard  cabling  and  connector  tech¬ 
nology,  such  as  RJ-45  connectors  and 
Category  5  cabling. 

In  the  case  of  an  ATM  device  such  as  an 
access  concentrator  or  edge  switch,  at  the 
board  level,  many  of  these  systems  have 
network  processors  on  every  blade.  This 
decentralized  architecture  requires  ex¬ 
pensive  line  cards.  With  StarFabric,  line 
cards  can  be  made  dumb  and  inexpen- 
sive.The  data  that  enters  the  system  on  the 
line  card  is  encapsulated  and  switched 
through  the  system  via  StarFabric  to  cen¬ 
tralized  processing  resources. 

An  ATM  edge  switch  using  traditional 
architectures  would  have  every  line  card 
burdened  by  having  a  Layer  2  network 
processor  and  associated  memory.  This 
burden  is  felt  in  terms  of  cost,  power  and 
density.  If  a  new  service  needed  to  be 
added  and  the  Layer  2  network  proces¬ 
sors  were  not  powerful  enough, all  the  line 
cards  would  have  to  be  replaced. 

In  the  case  of  an  ATM  edge  switch  using 
StarFabric,  the  line  cards  are  high-density 
and  do  not  require  local  intelligence. The 
network  processing  unit  (NPU)  cards  are 
high-performance  centralized  resource 
cards  that  connect  to  the  line  cards  via 
the  switch  fabric.  Traffic  would  enter  the 
system  on  the  line  cards,  go  to  the  NPU 
cards  and  exit  via  the  WAN  cards. 

StarFabric  also  can  be  used  to  solve 
chassis-to-chassis  connectivity  problems. 


In  many  communications  systems  a  single 
shelf  cannot  meet  the  mission  parame¬ 
ters. The  solution  is  to  connect  additional 
chassis  full  of  line  cards  to  share  expen¬ 
sive  processing  resources  or  to  share  a 
WAN  uplink  circuit.  Many  solutions  are 
too  costly  in  terms  of  price,  power,  board 
space  and  protocol  overhead. 

In  the  simplest  case,  each  chassis 
would  contain  a  blade  consisting  of  a 
StarFabric  bridge  device.  With  two  ports 
per  bridge,  each  chassis  could  connect 
to  two  other  chassis  at  2G  bit/sec  via  Cat 
5  cables  with  RJ-45  connectors.  If  the  sys¬ 
tem  requires  more  than  three  chassis, sys¬ 
tem  designers  have  a  number  of  options. 
They  can  add  a  switch  blade  to  the  mas¬ 


ter  chassis  or  they  can  add  a  1-U  switch 
box  to  one  of  the  racks. 

Todays  market  has  many  interconnects 
vying  for  dominance.  HyperTransport  and 
RapidIO  are  high-speed  chip-to-chip  inter¬ 
connects  with  direct  competition  from  PCI- 
Express.  Because  StarFabric  is  a  board-to- 
board  and  chassis-to-chassis  interconnect 
it  does  not  compete  directly  with  them. 

However,  future  serial  versions  of 
RapidIO  would  compete  directly  with 
StarFabric  and  the  Advanced  Switching 
extensions  to  PCI-Express. 

Whelan  is  the  director  of  product  mar¬ 
keting  at  StarGen.  He  can  be  contacted  at 
Whelan  @stargen.  com. 


Dr.  Internet 


By  Steve  Blass 


Where  can  we  find  inexpensive  products  that  moni¬ 
tor  bandwidth  and  conduct  MIS  reporting  about 
applications  each  IP  address  uses  over  the  WAN? 

The  Multi  RouterTraffic  Grapher  is  an  open 
source  tool  for  monitoring  the  traffic  load  on  net¬ 
work  links.  MRTG  generates  HTML  pages  con¬ 
taining  graphical  images  to  provide  a  live  visual 
representation  of  this  traffic.  Go  to  www.nwfu- 
sion.com,  DocFinder:  2726,  for  an  example.  MRTG 


(available  at  www.mrtg.org)  is  based  on  Perl  and  C 
and  works  under  Unix  and  Windows  NT.  MRTG  is 
in  widespread  use  across  the  Internet. 

Snort  is  a  strong  open  source  network  intrusion- 
detection  system,  capable  of  performing  real-time 
traffic  analysis  and  packet  logging  on  IP  networks. 
It  can  perform  protocol  analysis,  content  search¬ 
ing/matching  and  can  be  used  to  detect  a  variety 
of  attacks  and  probes,  such  as  buffer  overflows, 
stealth  port -scans,  common  gateway  interface 


attacks,  SMB  probes  and  more.  It  includes  real¬ 
time  alerting,  incorporates  alerting  mechanisms 
for  syslog,  a  user  specified  file,  a  Unix  socket  or 
WinPopup  messages  via  smbclient.  Snort  is  avail¬ 
able  at  www.snort.org.  Another  tool,  called  Argus, 
is  available  for  Unix  at  www.q0sient.com/ar9us.'' 

Blass  is  a  network  architect  at  Change  d 
Work  in  Houston.  He  can  be  reached  at 
dr.internet@changeatwork.com. 
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Excellent  remote  control  for  free 


A  few  weeks  ago  we  reviewed  the  Sharp 
Zaurus  handheld, a  fine  piece  of  engi¬ 
neering  that  Sharp  finally  remem¬ 
bered  we  had  and  wanted  back.  Darn. 

Anyway  in  that  column  we  mentioned  a 
piece  of  remote  control  software  called 
Virtual  Network  Computing  (VNC)  created 
by  the  unlikely  combination  of  AT&T  Lab¬ 
oratories  and  the  University  of  Cambridge. 

VNC  is  a  remote  control  system  that  lets 
you  see  the  monitor  display  of  a  remote 
computer  and  makes  your  keyboard  and 
mouse  act  as  the  remote  computer’s  key¬ 
board  and  mouse. 

The  authors  note  that  VNC  is  different 
from  other  remote  control  solutions  in  that: 
“It  is  fully  cross-platform  [note  that  there  is 
no  Mac  support  yet  —  Gearhead] .  A  desk¬ 
top  running  on  a  Linux  machine  might  be 
displayed  on  a  Windows  PC,  on  a  Solaris 
machine,  or  on  any  number  of  other  archi¬ 
tectures.  There  is  a  Java  viewer  so  that  any 
desktop  can  be  viewed  with  any  Java-capa¬ 
ble  browser.  There  is  a  Windows  server, 


allowing  you  to  view  the  desktop  of  a 
remote  Windows  machine  on  any  of  these 
platforms  using  exactly  the  same  viewer. 
The  simplicity  of  the  protocol  makes  it  easy 
to  port  to  new  platforms,  and  other  people 
have  therefore  ported  VNC  to  a  huge  vari¬ 
ety  of  platforms.” 

They  also  say  it  “is  small  and  simple.  The 
Windows  viewer,  for  example,  is  about  150K 
in  size  and  can  be  run  directly  from  a  flop¬ 
py  The  entire  Java  viewer  is  substantially 
less  than  100K  and  takes  less  time  to  down¬ 
load  than  the  images  on  some  Web  pages.” 

Finally  the  company  announces  that 
VNC  “is  free!  You  can  download  it 
(www.realvnc.com/download.html),  use 
it,  and  redistribute  it  under  the  terms  of 
the  GNU  General  Public  License.”You  also 
can  get  the  full  source  code,  and  there’s 
in-depth  how-it-works  information  at 
www.realvnc.com/howitworks.hmtl, 
including  a  discussion  of  the  underlying 
protocol. 

VNC  is  a  remarkable  package.  It  literally 
takes  minutes  to  install,  it  is  robust  and  it  is 
fast.  The  machine  to  be  monitored  is  the 
server  and  the  remote  viewer  is  the  client. 
But  there  are  some  important  considera¬ 
tions  if  you’re  going  to  use  it.  First,  it’s  not 
really  secure  (although  compared  with  tel¬ 
net  access, VNC  is  more  like  Fort  Knox). 

To  route  VNC  connections  through  a  fire- 
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Product  Virtual  Network  Computing 
Freeware 


Functionality . A 
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Value  for  money . A 


Vendor:  AT&T  and  the  University  of 
Cambridge 

www.uk.research.att.com/vnc 


wall  you’ll  have  to  set  up  your  firewall  to  al¬ 
low  connections  to  the  VNC  ports. VNC  can 
support  many  servers  on  a  machine  so  a 
VNC  server  will  accept  connections  on  port 
5900+N,  where  N  is  the  server’s  number. 

The  built-in  Web  server  that  services  the 
Java  VNC  Viewer  is  accessible  via  port 
5800+N  but  VNC  traffic  is  not  encrypted  so 
this  is  a  potential  security  problem. 

The  only  built-in  security  in  VNC  is  basic 
password  encryption,  so  if  you’re  paranoid 
you’ll  want  to  use  VNC  with  Secure  Shell 
(SSH).The  details  of  how  to  use  VNC  with 
SSH  can  be  found  at  www.nwfusion.com, 
DocFinder:  2728. 

VNC  came  to  our  attention  again  with  a 
new  release  on  Sept. 25  — Version  3.3.4.The 
two  most  significant  improvements  are: 

•  First,  VNC  “automatically  optimizes  the 
choice  of  encoding  and  pixel  format 


based  on  an  estimate  of  line  speed.  In  most 
cases  now  the  viewer  will  adapt  to  slow 
and  fast  links  without  needing  extra  com¬ 
mand-line  options. This  is  particularly  use¬ 
ful  if  the  desktop  is  viewed  in  the  office 
over  a  good  LAN  connection,  then  later  at 
home  over  a  slow  link.  On  connection,  the 
algorithm  assumes  a  slow  link  and  uses 
eight-bit  color  and  ZRLE  [see  the  next 
item].  If  the  network  seems  fast,  we  switch 
to  full-color.  If  the  network  seems  really  fast, 
we  also  switch  to  hextile  rather  than  ZRLE. 
If  server  and  viewer  are  on  the  same 
machine,  we  use  raw’’ 

•  Second,  the  VNC  team  says  ZRLE  is 
“another  significant  development.”This  is 
apparently  a  new  encoding  method  that 
works  well  with  slow  links  and  is  “a  com¬ 
bination  of  the  run-length  encoding 
scheme  with  tiling,  palettization  and  ZL1B 
compression." 

There  also  are  all  sorts  of  new  manage 
ment  and  configuration  features,  and  the 
documentation  is  more  thorough.  We’ve 
been  running  the  3.3.4  release  for  a  few 
hours  and  it  not  only  looks  stable,  the  Java 
client  works  great  and  the  whole  system  is 
faster.  Let  us  know  your  experiences  with 
VNC.  A  great  piece  of  software! 

Tell  us  if  you’re  experienced  at  gear 
head@gibbs.  com. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Toshiba  launches  $350  Pocket  PC 

Toshiba  recently  introduced  the  Pocket  PC  e330  series, 
two  new  Fbcket  PC  devices  that  expand  on  the  company’s 
Pocket  PC  e310  design. JTie  e330  and  e335  each  cost  $350 
(after  a  $50  rebate),  and  are  aimed  at  users  who  want 
more  than  a  simple  calendar  and  address  book  but  don’t 
want  the  high-end  model, Toshiba  says. 

The  devices  include  an  Intel  PXA250  processor  with 
XScale  technology  at  300  MHz;  64M  bytes  of  RAM;  a  Secure 
Digital  expansion  card  slot;  a  3.5-inch,  color  reflective  TFT 
screen  (65,536  colors  at  240-by-320-pixel  resolution);  and 
an  advanced  lithium-ion  battery.The  devices  run  the  Packet 
PC  2002  operating  system,  and  have  a  speaker,  microphone 
and  stereo  headphone  jack.  The 
e335  also  includes  ArcSoft 
PhotoBase  software. 

The  e335  will  be  available  in 
retail  channels,  and  the  e330  will 
be  available  through  Toshiba’s 
distribution  channels,  value-added 
resellers  and  its  Web  site  at  www. 
shoptoshiba.com. 


Two  notebooks  from  Toshiba 

Toshiba  also  has  announced  two 
Satellite  notebook  computers  aimed  at 

Toshiba's  new  Pocket  PCs  offer  more  than  a 
calendar  and  address  book,  at  a  good  price. 


first-time  notebook  buyers,  with  models  as  low  as  $1,100. 

The  Satellite  1 1 15-S103  includes  an  Intel  Celeron  1.5-GHz 
processor,  256M  bytes  of  SDRAM,  a  20G-byte  hard  drive,  a 
14.1-inch  TFT  display  DVD-ROM  drive,  integrated  V92  56K 
bit/sec  modem,  integrated  10/100M  bit/sec  Ethernet  port, 
three  USB  (1.1)  ports,  and  Windows  XP  Home  Edition.The 
1 1 15-S103  starts  at  $1,100. 

The  Satellite  1 1 10-S153  model  includes  an  Intel  Celeron 
1 .8-GHz  processor, 256M  bytes  of  SDRAM, a  20G-byte  hard 
drive,  14.1-inch  TFT  display  DVD-ROM  drive  and  floppy 
disk  drive,  integrated  V92  56K  bit/sec  modem,  integrated 
10/100  Ethernet  port,  three  USB  (1.1)  ports,  and  Windows 
XP  Professional  Edition.The  1 1 10-S153  starts  at  $1,250. 

Go  to  Toshiba’s  Web  site  (www.csd.toshiba.com)  for 
more  information. 

PowerPoint  remote  control 

Interlink  Electronics  has  announced  its  RemotePbint 
Navigator  —  an  “ergonomically  styled”  remote  control  de¬ 
vice  for  PC-based  presentations.The  radio-frequency  wire¬ 
less  device  lets  you  control  your  presentations  from  within 
50  feet  of  your  computer. 

To  operate,  a  user  just  has  to  plug  a  receiver  in  to  the  USB 
port  of  his  computer  (the  device  supports  Windows  98,  ME, 
2000  and  XP).The  palm-sized  device  has  large  arrow  keys 
to  advance,  reverse  or  hide  presentation  slides.The  device 
also  has  a  built-in  laser  pointer.  Interlink  says. 

The  device  costs  $150  and  is  available  now  through  select¬ 
ed  resellers.  Go  to  www.rpnav.com  for  more  information. 

Print  attachments  from  a  Pocket  PC 

PrinterOn  recently  extended  the  features  of  its  Envoy 
enterprise  server  to  include  a  Web  interface  for  secure 
printing  and  faxing  from  Fbcket  PC  devices. 

The  Envoy  server  is  an  attachment-handling  server 
that  lets  users  view,  fax  and  print  e-mail  attachments 
via  an  e-mail  interface  for  BlackBerry  handheld  or 
^  Palm  OS  devices.  The  new  release  supports  a 


RemotePoint  Navigator  lets 
you  control  PC-based 
presentations  50 
feet  from  your 
computer. 


secure  Web  interface  (HTTPS)  that  Fbcket  PC  users  can 
use  to  obtain  hard  copies  of  e-mail,  attachments,  Web 
pages  and  files  stored  on  their  devices. 

The  server  includes  features  such  as  multiple  output 
options,  searching  for  printers  on  demand  regardless  of 
location,  and  having  one  corporate  server  for  multiple  PDA 
devices  and  wireless  networks,  PrinterOn  says.  Printing  capa¬ 
bilities  include  printing  to  corporate  printers, home  printers, 
or  public  printers  at  hotels, convention  sites  or  print  centers. 
Envoy  supports  wireless  connections,  including  802.11b, 
Mobitex,GPFSS,  lxFCTT  and  IP  over  Bluetooth, FYinterOn  says. 

The  server  is  available  for  a  company  that  wants  to  host 
its  own  wireless  services,  or  as  a  Web-hosted  solution 
(aimed  at  small  business,  home  or  remote  offices). Service 
plans  start  at  $30  per  person,  per  year,  with  a  five-user 
license.  Go  to  www.printeron.net  for  more  information. 

Shaw  can  be  reached  at  kshaw@nww.com. 
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EDITORIAL 

John  Dix 

industry  slump 
doesn’t  preclude 
advances 


Industry  pundit  John  McQuillan,  co-chair  of  the  Next 
Generation  Networks  conference,  told  a  somber 
vendor  audience  last  week  in  Boston  that  80%  to  90% 
of  the  10,000  venture-backed  private  technology  compa¬ 
nies  will  fail  by  2005. 

By  comparison,  2,500  tech  companies  successfully  went 
public  or  were  swallowed  in  upside  acquisitions  during 
the  boom  times  of  1996  to  2000. 

He  cited  the  oft-repeated  causes:  the  collapse  of  tele¬ 
com,  a  plateau  in  enterprise  spending  and  the  drying  up 
of  the  financial  markets.  But  McQuillan’s  NGN  co-host, 
David  Passmore,  research  director  of  the  Burton  Group, 
said  the  future  looks  bright  for  enterprise  innovation. 

Companies  are  wrestling  with  everything  from  em¬ 
ployee-acquired  technologies  such  as  PDAs  and  personal 
applications  to  emerging  technologies  such  as  voice  over 
IRwireless  and  Internet  security  tools.  Some  of  this  re¬ 
quires  new  infrastructure,  and  that  catches  the  attention 
of  upstarts  and  venture  capitalists. 

Regarding  the  latter,  we  recently  caught  up  with  Chris¬ 
topher  Baldwin  of  Charles  River  Ventures  for  an  update 
on  current  VC  thinking. 

Like  Passmore,  Baldwin  says  he  sees  the  enterprise  pic¬ 
ture  changing,  if  for  no  other  reason  than  “IT  has  become 
a  consumable,”  he  says.“You  can  hold  your  breath  for 
only  so  long.  Sooner  or  later  you  have  to  take  more  in.” 

That  makes  him  optimistic  about  new  opportunities,  but 
he  points  out  that  the  rules  have  changed.Venture  capital¬ 
ists  count  on  5x  to  lOx  returns, but  can  no  longer  expect 
that  kind  of  performance  from  big  bets  so  are  shying  away 
from  them.“lf  it’s  going  to  take  $80  to  $90  million  to  get  to 
cash-flow  breakeven,  I’m  not  sure  that  will  work  any  more.” 

And  because  venture  firms  aren’t  venturing  as  much, 
they  are  scaling  down  their  funds  and  their  personnel. 
Once  a  $1.2  billion  fund, Charles  River  is  a  $450  million 
fund  today,  Baldwin  says. 

The  health  of  the  industry  also  influences  what  types  of 
ideas  VCs  will  back.  In  boom  times,  incremental  improve¬ 
ments  on  existing  technology,  while  typically  expensive, 
can  be  worthwhile  investments  if  the  incumbent  vendors 
are  having  a  hard  time  keeping  up. 

But  in  lean  times  large  incumbent  firms  are  in  a  better 
position  for  iterative  advances  and  VCs  instead  look  for 
innovation  that  can  shift  markets. 

Shifting  is  what  it  is  all  about.  At  NGN,  McQuillan  told 
the  audience  that  telecom  has  changed  completely.  “Not 
forever,  but  for  at  least  the  next  planning  horizon.”  In  this 
climate,  vendors, VCs  and  users  alike  have  to  revise  their 
strategies  on  the  fly 

—  John  Dix 
Editor  in  Chief 
jdix@nww.com 
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Apple  of  their  eye 

Regarding  Dave  Kearns’  column  “Can  an  Apple  a 
day  really  keep  the  IT  expert  away?”  (wwwnw 
fusion.com,  DocFinder:  2725):  1,  too,  have  been 
amused  at  the  Apple  “switch”  commercials,  but  for  a 
different  reason.  These  ads  epitomize  not  a 
Macintosh  mentality  but  the  sense  of  outrage  that  all 
average  computer  users  have  that  their  machines 
are  becoming  too  complicated,  especially  if  net¬ 
working  is  an  issue. 

I  attached  a  variety  of  different  manufacturer’s  dig¬ 
ital  cameras  to  my  Mac  via  USB  without  having  to 
download  any  drivers.  The  machine  just  knows  and 
fires  up  iPhoto  to  allow  seamless  downloads.  None 
of  my  dozen  or  so  Windows  programmers  and/or  IT 
guys  can  make  the  same  claim.  Sorry,  but  I  think 
Kearns  has  seriously  missed  the  point  and,  if  any¬ 
thing,  make  a  strong  case  for  the  continuing  ease-of- 
use  advantages  of  the  Mac  OS  over  Windows. 

Paul  Greatbatch 
Indianapolis 

One  of  the  reasons  Apple  became  so  common  in 
schools  was  dirt-simple  networking.  It  was  not  a 
big  deal  for  a  teacher  to  hook  up  a  bunch  of  old 
Macs  on  a  phonenet  network  and  share  a  com¬ 
mon  printer,  use  a  computer  for  a  server  and  share 
files.  Many  small  businesses  are  completely  dis¬ 
gusted  with  the  cost  of  hiring  IT  specialists  to 
install  and  maintain  networks,  so,  for  many  of 
them,  the  ease  of  Mac  networking,  combined  with 
a  rock  solid  operating  system  in  OS  X,give  them  a 
nice  low-cost,  low-maintenance  network.  I  agree 
with  Kearns  that  things  like  setting  up  a  shared 
Internet  connection  or  an  e-mail  server  are 
beyond  the  scope  of  most  nontechnical  users 
(Windows  or  Mac),  but  for  a  quick  and  easy  net- 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix.  Editor  In 
Chief.  Network  World,  118  Turnpike  Road.  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


work,  complete  with  shared  resources, you  cannot 
beat  OS  X. 

Arlen  Owens  II 
Project  engineer 
RJF  International 
Marietta,  Ohio 

Dave  Kearns’  column  on  Apple’s  “switch”  ad  cam¬ 
paign  was  an  unprovoked  and  unvarnished  insult  to 
all  Macintosh  users.  I  am  a  long-time  Mac  user  and 
programmer.  I  also  have  a  sleek  Windows  2000  box 
that  1  use  and, yes,  occasionally  program  on  as  well. 
But  my  Mac  is  my  main  machine.  Not  because  “PCs 
for  Dummies  is  too  technical,”  as  Kearns  charges  in 
his  column,  but  because  the  Mac  just  works.  It  gets 
out  of  my  way  and  lets  me  do  my  job,  without  hav¬ 
ing  to  spend  time  and  energy  figuring  out  how  to  do 
it  in  each  new  program.  If  Kearns  wants  to  criticize 
the  ad  campaigns  because  they  are  sometimes  silly 
and  often  overstated  in  their  anti-PC  claims,  I  can  go 
with  him.  But  stop  Mac  bashing.There  are  intelligent, 
creative  and  technically  knowledgeable  folks  out 
here  who  simply  prefer  the  Macintosh. 

Dan  Shafer 
President 
Shafer  Media 
Monterey  Calif. 

Dave  Kearns  writes: “[Janie]  Pbrche  probably  com¬ 
plained  to  her  car  dealer, ‘Who  wants  to  spend  time 
putting  gas  in  the  car?”’ Well,  if  you  didn’t  have  to  put 
gas  in  your  car,  would  you  want  to  spend  time  doing 
it?  No,  of  course  not.  Kearns’  statement  typifies  the 
Windows  mentality  —  namely,  that  users  should 
have  to  concern  themselves  with  technical  details 
that  95%  of  the  time  don’t  matter  and  only  serve  to 
confuse  ordinary  users. 

Andrew  Hedges 
Multimedia  analyst 
George  Washington  University 
Washington,  D.C. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  2724 


www.nwfusion.com 


10/21/02 


NetworkWorlj 


INTRANET  ADVISER 

Daniel  Blum 


f  as  that  “Error  404  —  access  denied” 
caused  by  a  typo,  or  is  it  the  symptom 
of  an  identity  crisis  in  your  applica¬ 
tions  security  environment? 

it’s  relatively  easy  to  front-end  simple  Web  server-based  applications 
with  Web  access  management  tools  such  as  Netegrity  SiteMinder,  IBM 
Access  Manager,  Oblix  NetFbint,RSA  Security  ClearTrust  or  Entrust  Get- 
Access.The  access  manager  plugs  into  the  Web  servers  authentication 
model  and  authorizes  or  forbids  access  to  specific  URLs. 

Integrating  Web  access  managers  with  IBM  Resource  Access  Control 
Facility  (RACF)-powered  mainframes,  application  servers  and  massive 
client/server  applications  such  as  SARJ.D.  Edwards  or  PeopleSoft  is 
another  story.  These  complex  line-of-business  systems  usually  employ 
their  own  account  management  tools.  An  average  SAP  deployment  has 
about  20  subsystems  and  tracks  thousands  of  roles  for  employees  and 
contractors.  And  the  user  IDs,  passwords  and  other  attributes  in  back¬ 
end  systems  such  as  SAP  might  not  match  up  with  data  in  the  access 
managers  Lightweight  Directory  Access  Protocol  (LDAP)  directory 

In  such  fragmented  identity  management  environments, a “404” could 
occur  because  there’s  a  mismatch  between  the  IDs  in  the  LDAP  direc¬ 
tory  and  a  back-end  applications  account  database. Or  perhaps  a  pass¬ 
word  expired  in  the  application,  and  the  problem  wasn’t  detected  and 
conveyed  to  the  user  by  the  front-end  security  system. 

It  seems  that  the  better  our  portals  and  Web  access  managers  get,  the 
more  application  integration  becomes  the  key  problem.  Resolving  inte¬ 


The  application  identity  crisis 


gration  problems  requires  front-to-back  identity  management  with 
comprehensive  delegated  or  centralized  administration  to  manage 
accounts,  self-service  administration  for  password  resets  and  ID/pass¬ 
word  provisioning  software  that  keeps  your  front-end  access  manager 
in  sync  with  the  accounts  on  the  back  end. 

User  management,  provisioning  and  Web  access  management  offer¬ 
ings  are  starting  to  coalesce  through  acquisitions  and  partnerships.  In 
a  trend  I  call  “platformania,”some  of  the  leading  vendors  in  the  ident¬ 
ity  management  market  —  IBM, Oblix, Netegrity, Novell, RSA  and  Sun  — 
are  broadening  their  products  to  become  identity  management  “plat- 
forms.”Novell  and  Netegrity  are  building  or  improving  provisioning  and 
user  management  to  complement  their  product  suites;  Oblix  has  part¬ 
nered  with  BMC  Software  for  provisioning  and  Pricewaterhouse- 
Coopers  for  integration  services;  IBM  recently  acquired  Access360;Sun 
has  added  a  Web  access  management  offering  directory  offerings;  and 
RSA  is  certifying  multiple  directory  services  and  provisioning  partners. 

So  if  users  in  crisis  are  overwhelming  your  help  desk  or  dropping  like 
flies  from  your  Web  site,  you  know  what  to  do.  Resolve  that  application 
identity  crisis  by  developing  a  comprehensive  identity  management 
architecture,  select  some  products,  and  begin  the  front-to-back  appli¬ 
cation  security  integration  that  will  deep-six  those  404  errors  forever. 

Blum  is  senior  vice  president  and  research  director  with  Burton 
Group ,  an  integrated  research ,  consulting  and  advisory  service.  He  can 
be  reached  at  dblum@burtongroup.com. 
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REALITY  CHECK 

Thomas  Nolle 


On  Oct.  7,  with  a  scant  week’s  public  no¬ 
tice,  the  Federal  Communications  Com¬ 
mission  opened  an  “en  banc”  or  full 
commission  hearing  on  the  state  of  the  tele¬ 
com  industry  The  real  question,  is  whether 
there  is  any  hope  that  good  could  come  from 
such  a  hearing.  Is  the  FCC  simply  too  far 
behind  the  curve  to  act  effectively? 

It’s  clear  by  now  that  the  public-policy  goals  of  the  Telecommun¬ 
ications  Act  of  1996  in  fostering  “competition”  to  lower  prices  and  pro¬ 
moting  massive  broadband  empowerment  were  in  fatal  conflict  from 
the  start.  But  enough  crying  over  the  past.  Can  anything  be  done?  Here 
are  some  ideas  that  have  emerged,  and  forgive  my  cynicism  but  they 
sound  suspiciously  like  “old  times  in  telecom  lobbying.” 

First,  we  could  force  the  regional  Bell  operating  companies  to  break 
up  into  wholesale  and  retail  businesses,  reduce  the  wholesale  and 
unbundled  network  equipment  (UNE)  prices  dramatically  and  let  the 
competitors  inherit  the  earth.This  sure  sounds  like  the  old  AT&T  refrain, 
and  all  it  would  do  is  destabilize  the  only  remaining  financially  rea¬ 
sonable  sector  of  the  industry  —  the  RBOCs.  Anyway  RBOC  lobbyists 
can  counter  this  set  of  suggestions.  Rate  this  a  nonstarter. 

Second,  we  could  give  the  RBOCs  complete  immunity  from  whole¬ 
saling  and  unbundling,  making  all  RBOC  competitors  reach  the  cus¬ 
tomer  via  new  infrastructure  that  the  competitors  build  out,  or  reach 
those  same  customers  with  full-rate  retail  service  connections  ob¬ 
tained  from  the  RBOCs.  Sound  like  RBOC  lobbyist-talk  to  you?  It’s  a 
death  sentence  for  all  the  non-RBOC  players.  Another  nonstarter. 

Third,  we  could  let  the  government  step  in,  pay  back  all  the  money 
lost  in  the  stock  market  when  the  competitive  local  exchange  carriers 
and  ISPs  collapsed,  and  have  a  new  national  telecom  network  run  by 
the  U.S.  Postal  Service  or  some  other  organization.This  is  the  “California 
Dreaming”  proposal  out  of  the  Silicon  Valley  start-up  sector.  Get  a  life, 
people;  no  way  taxpayers  would  ever  stand  for  this,  nor  should  they 
Fourth,  we  have  the“let  market  dynamics  take  their  course”approach, 
which  means  let  the  current  lobbying  activity  create,  through  what 


Is  it  too  late  for  FCC  hearings? 


might  be  called  “financial  incentives,”  the  proper  regulatory  and  leg¬ 
islative  framework  —  which  will  be  the  one  with  the  biggest  bucks 
behind  it.  Lobbyists  like  this  approach, of  course, and  frankly, it  looks  like 
the  one  that  will  win. 

That’s  the  problem.  Why  hold  a  conference  to  call  in  the  usual  sus¬ 
pects  and  find  out  what  you  already  know?  Politics,  perhaps?  The  prob¬ 
lem  is  that  politics  already  has  delayed  the  industry  far  too  long.  We 
need  perhaps  $50  billion  in  infrastructure  investment  over  the  next  sev¬ 
eral  years  to  modernize  the  public  network  for  nonvoice  services.  We’ll 
never  get  it  with  regulations  so  fluid  that  nobody  knows  what  Congress, 
the  federal  courts  or  the  FCC  will  do  next.  We  might  well  have  killed 
Wall  Street  confidence  in  our  market  already.  It  might  be  too  late. 

But  if  it  isn’t,  here’s  what  we  need: 

•  Tax  credits  for  new  infrastructure  serving  customers  with  broad¬ 
band  services.  Give  a  big  credit  to  anyone  who  deploys  new  digital 
infrastructure,  no  matter  where,  but  add  a  provision  that  mandates 
achieving  specific  service  and  penetration  goals  or  risk  having  the 
credit  withdrawn. 

•  Regulatory  balance.  The  RBOCs  should  have  absolute  immunity 
from  unbundling  new  packet  data  infrastructure  and  DSL  service  ele¬ 
ments.  They  also  should  have  an  absolute  mandate  to  wholesale  ser¬ 
vices  over  that  new  infrastructure,  and  to  provide  unbridled  network 
elements  in  the  traditional  services  and  infrastructure  area. 

•  Interconnect  and  settlement  rules.  We  need  a  formal  set  of  inter¬ 
faces  defined  for  all  intercarrier  connections  (voice,  data,  Internet)  and 
a  formal  set  of  procedures  for  tariffing  the  settlement  among  carriers 
associated  with  cross-carrier  connection  of  customers.  Lack  of  this  for¬ 
malism  killed  quality-of-service  peering  on  the  Internet, and  continued 
failure  to  address  this  issue  will  doom  small  players  and  perhaps  even 
emerging  content  applications. 

How  about  it,  FCC?  What  do  you  think? 


The  problem  is 
that  politics 
already  has 
delayed  the 
industry  far 
too  long. 


Nolle  is  president  of  CIMl  Corp.,  a  technology  assessment  firm  in 
Voorhees,  N.J.  He  can  be  reached  at  (856)  753-0004  or  tnolle@cimi- 
corp.com. 


Voice  over  IP:  the  Right  Time  for  r  Rollout 


One  in  five  Network  IT  Executives  has  already  implemented  voice  over  IP!* 

This  signals  that  convergence  is  a  go!  Now  it's  your  turn  to  merge  the  worlds  of 
voice  and  data  and  reap  the  many  benefits  of  voice  over  IP.  Find  out  which 
products  are  mature  enough  for  deployment.  Learn  how  to  convince  corporate 
management  that  the  time  and  money  you'll  save  on  infrastructure  and  staff  is 
worth  the  investment.  It's  time  to  get  serious  about  convergence.  Attend 
Network  World's  FREE  "Voice  over  IP:  The  Right  Time  for  a  Rollout"  event. 

*Source:  Network  World  500  Study,  2002 


Successful  VoIP  Rollout  Keys: 

•  Develop  a  business  case  for 
voice  over  IP 

•  Architect  a  voice  over  IP  network 

•  Identify  the  key  voice  over 
IP  applications 

•  Manage  tactical  and  strategic 
roll-out  issues 

■  Tackle  security  concerns 

•  Deploy  a  voice  over  IP  network  in 
the  LAN  or  WAN 

I 

This  event  is  limited  to  qualified  IT  professionals  currently  involved  in  the  evaluation  and 
purchase  of  voice  and  data  products  and  services.  Network  World  reserves  the  right  to 
determine  total  audience  profile. 


A  "Must-Attend  Event”  for: 

■  Network  Directors/Managers 

■  Data  Managers 

•  Telecom  Managers 

■  Network  Architects 

■  CIOs,  CTOs,  CXOs 


Event  Schedule 


October  9 
October  io 
October  2 9 
October  30 
November  6 
November  7 


New  York  ,  NY 
Arlington ,  VA 
Atlanta,  GA 
Dallas,  TX 
San  Diego,  CA 
San  Francisco,  CA 


Event  Moderrtor: 

Steve  Taylor,  President, 

Distributed  Networking  Associates 

Register  Now! 

Seating  is  limited  to  qualified  participants. 

Don't  miss  out!  Sign  up  online  at: 

www.networkworld.com/events/voip/register.jsp 
or  call  1-800-643-4668. 

Bonus! 

Attend  and  have  a  chance  to  win  a  $100  American  Express  Gift  Cheque,  awarded  for 
the  Best  Question  of  the  Day!  You  must  be  present  at  the  3  p.m.  drawing  to  win. 
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■  BY  BARRY  NANCE,  NETWORK  WORLD  TEST  ALLIANCE 

The  development  team  throws  a  party  when  it  delivers  a  new  database- 
oriented  application  to  the  business  community.  But  the  network  exec,  like 
Cinderella,  can’t  go  to  the  party 

All  too  often,  the  network  team  didn’t  get  to  help  select  the  relational  data¬ 
base,  didn’t  get  straight  answers  from  the  development  team  on  network  traffic 
requirements  and  doesn’t  have  the  right  tools  to  show  management  and  the 
development  team  the  applications  effect  on  network  resources. 


Trou 

you 


Relational  database 
products  can  eat 
your  network 
Keep  the  piranhas  away 
with  these  tips 


Some  solutions  for  database  server  and  network  performance  problems 


1  Problem 

Possible  solution 

Server  CPU  utilization  is  too  high 

Tune  the  database. 

•  Analyze  SQL  statement  complexity. 
Get  a  faster  server. 


Server  memory  bottleneck 

Tune  the  database. 

Add  physical  memory. 

•  Adjust  paging  file  size. 

Server  hard  disk  overutilization 

Distribute  database  files  across  hard  disks  and  disk  controllers. 
Analyze  SQL  statement  complexity. 

Server  network  adapter  too  busy  or 

Optimize  the  application’s  design. 

too  much  database  network  traffic 

Tune  the  database. 

•  Add  bandwidth. 


Nonetheless,  it’s  your  team  that  is  responsible  for  the 
reliability  connectivity  and  overall  responsiveness  of  the 
application. 

The  most  likely  problem  you’ll  face,  unfortunately,  is 
sluggish  performance.  A  relational  database’s  behavior 
and  performance  depend  on  a  number  of  factors,  in¬ 
cluding  the  server  and  network  environment,  tuning 
parameters,  application  design  and  “user  load.” 

Moreover,  most  database  products  run  on  a  range 
of  operating  systems  and  types  of  computers.These 
factors  and  the  platform  choices  are  so  complex  and 
interrelated  that  dealing  with  them  comprehensively  re¬ 
quires  extensive  expertise.  In  their  license  agreements, 
Oracle  and  Microsoft  recognize  this  problem  by  pro 
hibiting  customers  from  discussing  or  revealing  data¬ 
base  benchmark  results. 

Mindful  of  these  licensing  terms,  but  curious  about  the 
many  factors  influencing  database  performance.  w<  in¬ 
vestigated  how  four  popular  relational  databases  — 
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Oracle  9i,  Sybase  Adaptive  Server 
Enterprise  (ASE)  12.5,  Microsoft  SQL 
Server  2000  and  IBM  DB2  Universal 
Database  7.2  —  can  cause  performance 
problems  on  your  network.  We  ran  each 
on  a  Compaq  ML570  ProLiant  four-way 
server  with  Windows  2000  Advanced 
Server  installed. 

From  a  network  perspective,  database 
performance  problems  fall  into  four  gen¬ 
eral  categories:  The  database  software  can 
monopolize  a  servers  CPU, spend  exces¬ 
sive  time  performing  disk  or  memory  ac¬ 
cesses,  overburden  the  server’s  network 
adapters)  or  emit  considerably  more  net¬ 
work  traffic  than  expected. 

Start  with  proper  configuration 

The  network  team  needs  to  keep  an 
eye  on  how  the  database  administrator 
(DBA)  configures  the  database  software, 
especially  for  initial  use  with  a  new  ap¬ 
plication.  A  DBA  who  follows  the  tuning 
guidelines  each  vendor  provides  easily 
can  create  a  database  server  that  over¬ 
whelms  network  resources  or  bogs  down 
the  server. 

Via  the  setting  or  modifying  of  parame¬ 
ters  that  throttle  the  number  and  the  run¬ 
ning  characteristics  of  server  processes,  all 
four  products  give  the  DBA  almost  com¬ 
plete  control  over  the  relational  database’s 
consumption  of  CPU  time,  memory  hard 
disks  and  even  network  adapters. 

The  way  Oracle’s  database  server  soft¬ 
ware  uses  the  parameters  set  by  the  DBA 
to  create  and  run  multiple 
processes  for  receiving  and 
distributing  SQL  requests  is 
a  good  example  of  what 
can  happen. 

Oracle’s  database  server 
software  launches  one  or 
more  dispatcher  modules  to 
listen  for  SQL* Net  requests 
from  database  clients. 

SQL* Net  is  the  Oracle  client- 
side  component  that  carries 
SQL  statements  over  a  trans¬ 
port  layer  protocol. 

Typically,  each  dispatcher 
module  distributes  the 
SQL*  Net  traffic  for  about  10 
users.  If  Oracle  launches 
too  few  dispatchers,  incom¬ 
ing  messages  wait  inside 
the  protocol  stack  for  processing. 

On  the  other  hand,  when  database 
transaction  traffic  levels  are  high  and 
Oracle  launches  too  many  dispatchers, 
the  dispatchers  can  overwhelm  a  mem¬ 
ory-  or  CPU-constrained  server. 

SQL  Server’s  programming  incorporates 
as  much  thread  launching  and  process 
management  as  Oracle.  ASE  and  DB2  are 
somewhat  more  restrained  in  their  data¬ 
base  server  CPU  and  memory  consump¬ 
tion,  but  these  products  also  can  pro¬ 
duce  a  CPU-  or  memory-starved  situation 
if  an  overzealous  DBA  tunes  the  data¬ 
base  incorrectly. 

Use  monitoring  tools  to 
properly  tune  the  server 

Fortunately  when  installed  on  Windows 


NT  Server  or  Win  2000  Server, 

Oracle  and  SQL  Server  add  perfor¬ 
mance-monitoring  components  to 
the  Performance  System  Monitor 
snap-in  for  Microsoft  Management 
Console.  Performance  System  Mon¬ 
itor  can  provide  a  wealth  of  detail 
about  database  server  behavior. 

If  your  performance-monitoring 
tool  indicates  the  database  soft¬ 
ware  is  consuming  too  much  CPU 
time,  don’t  automatically  replace 
the  server  with  a  faster  one  or  one 
with  more  CPUs.  Ask  the  DBA  to 
change  the  database’s  tuning 
parameters  to  reduce  the  maxi¬ 
mum  number  of  client-handler 
threads  or  processes  the  server 
can  launch. 

Next,  examine  client  perfor¬ 
mance  and  the  resulting  new  rela¬ 
tionship  among  the  server’s  CPU 
utilization,  network  adapter  utiliza¬ 
tion  and  disk  and  memory  accesses.  If  per¬ 
formance  improves,  the  new  tuning  para¬ 
meters  have  reduced  the  database  soft¬ 
ware’s  process  management  workload  to  a 
level  that  the  process  management  func¬ 
tion  can  handle  more  easily 

If  you  detect  no  improvements,  you  and 
the  DBA  should  continue  your  investiga¬ 
tions  to  find  out  exactly  why  the  database 
software  is  CPU-bound. 

For  example,  ask  if  perhaps  the  SQL 
statements  the  application  emits  are 
more  complex  than  they  need  to  be.  All 
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Oracle's  Resource  Monitor  helps  pinpoint  problems  such  as 
server  CPU  overutilization. 


ware  can  find  the  requested  row(s)  in  rel¬ 
atively  faster  server  memory 
Adding  physical  memory  to  a  server  can 
dramatically  boost  database  performance, 
but  even  the  simple  step  of  making  adjust¬ 
ments  to  the  operating  system’s  paging 
file’s  size  can  help. To  see  why  this  is  so, 
think  of  a  database  server  with  an  exces¬ 
sively  large  paging  file  as  having  two 
copies  of  the  database  on  disk.The  data¬ 
base  disk  file  exists  in  table  and  row  for¬ 
mat,  while  the  paging  file  is  a  byte  address 
representation  of  the  same  data.  When  a 
client  updates  a  row,  the 
database  server  has  to  write 
the  data  twice  on  the  hard 
disk,  once  in  each  format. 

If  you  discover  server 
hard  disk  utilization  is  the 
bottleneck  within  the  data¬ 
base  server,  first  work  with 
the  DBA  to  move  the  data¬ 
base  files  onto  different 
disks  and  perhaps  even  dif¬ 
ferent  disk  controllers  to 
reduce  disk  contention. 
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DB2's  Control  Center  gives  the  DBA  an  excellent  high-level  view  of  the  database. 


four  database  products  have  highly 
sophisticated  SQL  compilers  that  inter¬ 
pret  and  act  on  the  SQL  statements  they 
receive.  But  turning  complex  textual  com¬ 
mands  (such  as  SQL)  into  a  series  of  row 
retrieval  and  update  operations  can  be 
hard  work  for  even  the  best-written  com¬ 
puter  program. 

Similarly,  analyzing  the  server’s  memory 
usage  (paging  or  swapping)  can  help  de¬ 
termine  if  the  database  software  is  making 
efficient  use  of  available  memory  For  the 
sake  of  faster  performance,  these  four 
database  products  keep  in-memory  copies 
of  the  disk  data  that  clients  retrieve  or 
store.  The  database  software  can  avoid  rel¬ 
atively  slow  physical  disk  accesses  if,  in 
processing  a  subsequent  read  request  (for 
example  a  Select  SQL  statement),  the  soft¬ 


If  the  client  side  of  the  applica¬ 
tion  retrieves  large  numbers  of 
rows  and,  within  the  client,  applies 
filtering  or  selection  criteria  to 
those  rows,  high  network  utiliza¬ 
tion  can  result.  A  fat  client,  which 
might  consist  of  Visual  Basic  pro¬ 
grams  running  in  the  client  com¬ 
puters,  for  example,  can  cause 
considerable  network  traffic  when 
program  executable  files  flow  to 
the  clients  across  the  network  or 
when  those  programs  issue  SQL 
requests  that  result  in  the  retrieval 
of  more  than  a  few  rows  of  data¬ 
base  content.  A  T-l  or  slower  WAN 
link  is  sometimes  a  major  bottle¬ 
neck  for  such  an  application. 

Just  adding  bandwidth  might 
not  solve  a  too-high  network  uti¬ 
lization  problem. 

Tuning  the  database  application 
itself  with  programming  enhance¬ 
ments  that  use  the  network  more  frugally 
is  often  the  best  course  of  action.You  and 
the  DBA  can  change  the  tuning  parame¬ 
ters  for  the  database,  but  these  changes 
aren’t  as  likely  to  reduce  network  utiliza¬ 
tion  as  application  programming 
changes. 

The  judicious  use  of  server-performance 
monitoring  and  protocol-analyzer  tools  to 
diagnose  database  performance  prob¬ 
lems  is  as  much  art  as  science.  But  by 
using  your  artful  skills  and  working 
closely  with  the  DBA  and  the  applica¬ 
tion  development  team, you  can  help 
turn  a  sluggish  database  application  into 
a  server-  and  network-friendly  winner  for 
your  company. 

Nance,  a  software  developer  and  consul¬ 
tant  for  29  years,  is  the  author  of  Introduc¬ 
tion  to  Networking,  4th  Edition  and 
Client/Server  LAN  Programming. He  can 
be  reached  at  barryn@erols.com. 


Global  Test  Alliait 


Database  network 
traffic 

An  overly  busy  network 
adapter  in  the  database 
server  (based  on  your  per¬ 
formance-monitoring  tool’s 
charts)  or  much-worse-than-expected  net¬ 
work  utilization  (based  on  your  protocol 
analyzer)  can  mean  application  design 
problems,  a  major  network  bottleneck  or 
other  problems. 

SQL  Server’s  and  ASE’s  protocol  for 
delivering  SQL  to  the  database  server  is 
called  Tabular  Data  Stream  (TDS),  while 
Oracle’s  is  Transparent  Network  Substrate 
(TNS).  Most  protocol-analysis  tools  de¬ 
code  TDS  and  TNS  packets,  but  support 
for  DB2’s  SQL  transport  protocol  is  quite 
rare.  Nonetheless,  as  you  browse  through 
a  collection  of  captured  packets, you’ll 
find  the  text-based  SQL  statements  for  all 
these  database  products  rather  distinc¬ 
tive.  Packets  containing  SQL  statements 
tend  to  stand  out  from  the  rest  of  the  net¬ 
work  traffic. 


■  Nance  is  a  member  of  the  Network 
World  Global  Test  Alliance,  a  cooperative  of 
the  premier  reviewers  in  the  network  in¬ 
dustry,  each  bringing  to  bear  years  of 
practical  experience  on  every  review.  For 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 

Other  members:  Mandy  Andress, 
ArcSec;  John  Bass,  Centennial  Networking 
Labs,  North  Carolina  State  University: 

Travis  Berkley,  University  of  Kansas;  Bob 
Currier,  Duke  University:  Jeffrey  Fritz,  West 
Virginia  University;  James  Gaskin,  Gaskin 
Computing  Services:  Greg  Goddard,  Uni¬ 
versity  of  Florida;  homas  Henderson, 
ExtremeLabs;  Miercom,  Network  Consul¬ 
tancy  and  Product  Test  Center;  David 
Newman,  NetworkTest;  Christine  Perey, 
Perey  Research  &  Consulting.  Barry  Nance, 
independent  consultant;  Thomas  Powell, 

PINT;  Joel  Snyder,  Opus  One. 
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SLM  Solutions:  A  Buyer's  Guide  can  help  set  you 
on  the  path  to  reaching  your  goals. 


Selecting  the  best  products  and  services  for  Service  Level  Management  (SLM)  is  a  tough  challenge. 

SLM  Solutions:  A  Buyer’s  Guide,  has  the  answers  that  you  have  been  looking  for.  Written  by  internationally 
recognized  authorities  on  SLM,  Rick  Sturm  and  Lisa  Erickson-Harris,  it  contains  a  comprehensive  directory 
of  SLM  vendor  products  and  services.  This  book  also  includes  an  introductory  tutorial  about  SLM  with  an 
insightful  section  on  how  to  set  up  an  SLM  program. 

Priced  at  $29.95,  SLM  Solutions  is  a  “must  have”  for  anyone  who  is  serious  about  SLM.  Now  you  don’t 
have  to  endure  the  drudgery  of  researching  SLM  products  and  services.  SLM  Solutions  contains  the 
information  you  need  to  make  solid,  well-informed  decisions. 

Enterprise  Management  Associates  (EMA)  is  an  industry  analyst  firm  focused  specifically  on  management 
software  and  services.  With  the  reputation  of  being  a  leading  authority  on  SLM — and  drawing  upon  its 
work  with  IT  organizations,  service  providers  and  leading  SLM  vendors — EMA  is  pleased  to  offer  you  this 
authoritative  guide. 

To  purchase  SLM  Solutions:  A  Buyer’s  Guide,  visitAmazon.com  or  our  Website  at: 

http://www.enterprisemanagement.com 
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OpenView  wins 
by  a  nose  over 
excellent 
competition 


IU  BY  BARRY  NANCE,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

f  the  diversity  size  and  lack  of  control  of  your  network  remind  you  of  the  United 
Nations,  your  network  might  be  a  good  candidate  for  a  network  management 
system.  Configuring  devices  to  work  together  smoothly;  translating  wildly  differ¬ 
ent  user  interfaces  into  a  common  vernacular;  dealing  with  congestion,  bottlenecks 
and  outages;  and  just  knowing  what  is  up  and  down  are  some  of  the  jobs  an  NMS  can 
simplify  for  you. 


NMS  products  once  earned  a  poor  reputation  because  of  their  cost,  bulk  and  awk¬ 
ward  interfaces.They  lacked  the  ability  to  comprehensively  manage  every  facet  of  the 
devices  they  supported.  Touted  as  frameworks  for  component-like  network  software 
tools,  they  were  theoretical  successes  but  practical  failures.  All  too  often,  customers 
discarded  NMS,  in  favor  of  management  software  bundled  with  devices, servers,  oper¬ 
ating  systems  or  applications.  NMS  vendors  had  to  go  back  to  the  drawing  board. 

We’re  happy  to  report  the  latest  versions  are  responsive,  easy  to  navigate,  compre¬ 
hensive  and  highly  practical. 

An  NMS  worth  its  salt  —  and  price  —  should  manage,  administer,  update,  monitor, 
report  on,  diagnose,  troubleshoot,  reset,  reconfigure,  audit  (that  is,  inventory)  and 
secure  essentially  your  entire  network.  A  network  administrator  armed  with  a  perfect 
NMS  shouldn’t  have  to  resort  to  vendor-supplied  software  to  manage  users,  groups, 
devices  or  other  network  resources. 

To  find  the  best  NMS  for  your  network,  we  invited  several  vendors  to  send  their  prod¬ 


ucts  to  our  Connecticut  lab  for  evaluation.  Hewlett-Packard  submitted  27  OpenView 
components,  including  Network  Node  Manager  (NNM)  6.31,  Performance  Manager 
and  Performance  Insight  4.5,  Operations  7.0,  Storage  Area  Manager,  Internet  Services 
4.0  and  OpenView  Reporter. 

Computer  Associates  sent  us  UniCenter  3.0,  which  includes  Network  and  Systems 
Management,  Service  Level  Management,  Advanced  Network  Operations  and 
Performance  Management. 

Lucent  shipped  VitalSuite  8.2,  consisting  of  VitalNet,  VitalApps  and  VitalEvent. 
Concord  Communications  submitted  eHealth  5.0,  whose  components  are  Network 
Health,  Live  Health, System  Health  and  Application  Health. 

Declining  to  participate  were  IBM  Tivoli  and  Micromuse,  which  said  they  were 
between  product  versions.  Aprisma  also  declined. 

Our  results  show  that  three  of  the  four  products  scored  well  enough  to  earn  World 
Class  Award  status.  However,  the  official  World  Class  Award  goes  to  OpenView,  for 
excellence  in  managing  devices  through  a  consistent  interface.  Its  monitoring  of  net- 

See  Net  mgmL  systems,  page  52 
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WORLD  4  80 
CLASS  0penView 


RATING 


(ff  {////€/'  Company:  Hewlett-Packard, 
(877)  686-9637,  www.openview. 
hp.com  Price:  OpenView  NNM  6.31  for  HP- 
UX  or  Solaris,  $6,000;  OpenView  Operations 
7.10  for  HP-UX,  $60,000;  OpenView  Perform¬ 
ance  Manager  forWindows,  $12,000;  OpenView 
Internet  Services  LTU,  $18,000,  and  OpenView 
Reporter  3.0,  $30,000.  Pros:  Handles  large, 
diverse  networks  with  ease;  intuitive  interface; 
useful  reports.  Cons:  HP  should  supply  printed 
documentation  with  OpenView. 


470  RATING 

VitalSuite  8.2 


4.65  RATING 

UniCenter  3.0 


4.35  RATING 

eHealth  5.0 


Company:  Lucent,  (888)  683- 
2254,  www.vitalsuite.com  Price: 
VitalNet  starts  at  $35,000, 
VitalApps  starts  at  $31,125,  and 
VitalEvent  starts  at  $36,300. 
Pros:  Excellent  network 
monitoring  and  management 
tool;  intuitive  user  ineterface; 
highly  scalable.  Cons:  Runs  just 
on  Windows. 


Company:  Computer  Associates,  (800) 
225-5224,  www.ca.com.  Price: Tiered,  can 
vary  appreciably  depending  on  processor 
size  and  other  factors.  Starts  at  $1,000. 
Pros:  Highly  graphical  2-D  or  3-D 
interface;  good  reports.  Cons:  CA  should 
supply  printed  documentation  with 
Unicenter;  application  performance 
diagnostics  not  quite  as  good  as 
OpenView’s  orVitalSuite's. 


Company:  Concord  Communi¬ 
cations,  (800)  851-8725.  Price: 
Starts  at  $15, 000. Typical  licenses 
range  from  $100,000  to  $150,000, 
depending  on  infrastructure  size. 
Pros:  Superior  reporting;  highly 
configurable.  Cons:  User  inter¬ 
face  not  quite  as  intuitive  as  the 
other  products. 


What's  the  score? 

OpenView 

UniCenter 

VitalSuite 

eHealth 

Fault  management  15% 

5 

5 

4 

4 

Performance  management  15% 

5 

4 

5 

4 

Reports  20% 

5 

5 

5 

5 

Ease  of  use  20% 

5 

5 

5 

4 

Platform  support  10% 

5 

5 

3 

4 

Documentation  10% 

4 

4 

5 

4 

Installation  10% 

4 

4 

4 

4 

TOTAL  SCORE 

4.80 

4.65 

4.55 

4.20 

•dual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given  each  category  in  determining  the  total  score.  ■  Scoring  Key:  5:  Exceptional  showing  in  this  category. 

.  "  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room  for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this  category.  Product 
.,  as  i  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked  some  features  or  lower  performance  than  other  products  or  than  expected.  1:  Consistently  subpar,  or  lacking  features  being 

reviewed. 
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UNEXPECTED  SPIKE 


lUJIHJ  software 
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HEALING 

PLAY 
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1  ]  WIN  WITH  SELF-MANAGEMENT:  Whether  it’s  boy  bands  or  rubber 
bands,  software  that  effectively  manages  an  e-business  is  essential.  But 
software  that  corrects  problems  before  they  occur? That’s  extraordinary. 


2]  WIN  WITH  TIVOLI:  Unlike  other  solutions  that  tell  you  you’ve  violated 
a  service  level  agreement  after  the  fact,  Tivoli  software  detects 
trends  and  makes  adjustments  before  things  go  awry.  Tivoli.  Part  of  our 
software  portfolio,  including  DB2®  Lotus®  and  WebSphere® 


3]  MAKE  THE  PLAY:  Visit  ibm.com/tivoli/unexpected  and  download 
a  free  buyer’s  guide  on  how  to  meet  your  service  level  agreements. 


@ 'business  is  the  game.  Play  to  win " 


smsssssssssssssssui 


Mnf,,  .  l/U/'inlfl 


www.nwfusion.com 


g>Sw|  Si JgWriwnHTTwfcH*  |  j/ Trftx- Wcrtf*)  j  *jCtx*4P*4 _ JjtJ  IhMA  tta*k  4  '  p—  (  StU  t««M 

EHealth  sports  a  range  of  configuration  options  for  identifying  net¬ 
work  resources  and  error  conditions. 
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work  resources  and  reporting  network 
activities  also  shined.  OpenView  scales 
well,  runs  on  several  different  platforms 
and  makes  network  administration  much 

easier. 

Fault  and  performance  management 

We  found  Open  Views  core  component, 
NNM,  especially  proficient  at  discovering 
the  network,  tracking  devices,  displaying 
graphical  network  maps,  capturing  and 
providing  device  statistics,  and  processing 
incoming  SNMP  alerts. 

NNM  uses  Management  Information 
Bases  (M1B)  from  various  sources,  includ¬ 
ing  bridges  and  repeaters.  It  displays  some 
Layer  2  data,  but  for  the  most  part  NNM 
maps  Layer  3  details.  It  also  applies  prede¬ 
fined  MIB  expressions  (provided  by  HP). 
This  impressive  list  includes  utilization  and 
error  percentages,  total  packets  by  category 
(in, out  and  errors),  retransmits, Cisco  mem¬ 
ory  utilization,  and  full-duplex  utilization 
percentage.  NNM’s  root  cause  problem 
analysis  helped  us  zero  in  on  the  specific 
device  causing  an  outage  or  slowdown  in 
each  test. 

Open  View’s  Internet  Services  is  an  excel¬ 
lent  tool  for  tracking  service-level  agree¬ 
ment  (SLA)  violations.  For  services  we 
defined,  from  general  Web  access  to  partic¬ 
ular  e-commerce  transactions,  it  noted 
availability  and  response-time  details,  and 
alerted  us  when  SLA  parameters  were 
exceeded.  We  especially  liked  the  Perform¬ 
ance  Manager  component.  Via  agents  we 
installed  on  target  servers,  it  gave  us  a 
wealth  of  information  about  network 
resource  utilization  that  we  found  useful 
for  problem  determination,  trend  analysis 
and  capacity  planning. 

For  Web-based  applications,  OpenView 
Transaction  Analyzer  successfully  pin¬ 


pointed  performance  bottlenecks  and  con¬ 
gestion  points.  However,  Transaction  An¬ 
alyzer  isn’t  as  comprehensive  or  precise  as 
VitalSuite’s  Transact  Toolkit. 

Unicenter’s  event  management  im¬ 
pressed  us  with  its  highly  organized  and 
easily  accessed  catalog  of  network  activi¬ 
ties  and  incidents.  When  we  wanted  to  see 
the  greatest  amount  of  information  about 
one  or  more  events,  the  Event  Console 
within  Unicenter’s  Enterprise  Manager  eas¬ 
ily  and  quickly  revealed  the  repository’s 
wealth  of  detail.  Creating  a  new  event  type 
is  simply  a  matter  of  supplying  parameters 
such  as  domain,  node  ID,  device  type,  error 
condition  characteristics  and  an  action  to 
take  when  the  error  occurred. 

We  liked  the  way  the  Network  and 
Systems  Management  tool  made  quick 
work  of  locating  our  network’s  deliberately 
caused  trouble  spots.  The  tool  highlighted 
problems  beginning  at  the  top  level,  saving 
us  from  looking  at  downstream  errors  not 
directly  related  to  the  real  problem.  Via  its 
agents,  Unicenter  monitored  our  network 
segments,  devices  and  servers.  Not  quite  as 
comprehensive  or  full-featured  as  Vital¬ 
Suite’s  or  OpenView’s  performance  analysis 
tools,  Unicenter’s  Performance  Man¬ 
agement  component  is  nonetheless  highly 
useful  for  staying  on  top  of  potential  net¬ 
work  and  server  problems.  Based  on  thresh¬ 
olds  we  set,  Unicenter’s  agents  detected 
imminent  problems  and  sent  traps  (alerts) 
to  Unicenter’s  Distributed  State  Machine, 
which  analyzed  the  event,  recorded  it  in 
Unicenter’s  event  repository  and  signaled 
the  Network  and  Systems  Management  tool 
to  display  the  object’s  critical  status. 

For  detecting  problems  before  they  hap¬ 
pen,  Unicenter’s  Historian  analyzes  net¬ 
work  events  and  activities  to  show  base 
lines,  trends  and  projections  for  periods 
you  select. 

VitalSuite  is  a  cohesive  collection  of  com¬ 
ponents  for  monitoring  network  activity 


ensuring  SLA  com¬ 
pliance,  tracking  net¬ 
work  performance 
and  watching  over 
applications  and 
their  transactions. 

VitalSuite  accurately 
and  easily  pin¬ 
pointed  deliberately 
caused  connectivity 
faults  and  perfor¬ 
mance  slowdowns 
in  all  our  tests  (See 
How  we  did  it, 
page  54). 

VitalSuite  consists 
of  VitalNet,  VitalAnal- 
ysis,  VitalHelp,  Vital- 
Agent,  AutoMon  and 
the  Transact  Toolkit. 

VitalNet  collects  data  from  SNMP-aware 
devices  and  from  desktop  computers 
where  you’ve  installed  theVitalAgent  client 
software. VitalNet  relays  the  information  to 
VitalAnalysis  and  VitalHelp.  VitalAnalysis 
monitors  applications  and  maintains  an 
historical  analysis  of  system  and  applica¬ 
tion  performance  and  trends.  For  capacity¬ 
planning  and  other  purposes,  it  stores  a 
year’s  worth  of  data  in  the  included 
Microsoft  SQL  Server  database. 

VitalHelp  assesses  the  health  of  TCP/IP- 
based  applications. When  it  determines  the 
cause  of  a  problem,  VitalHelp  posts  alerts 
to  a  network  administrator  via  e-mail,  pager 
or  SNMP  traps  to  an  NMS  such  as 
OpenView.  VitalSuite’s  AutoMon  is  a  script- 
driven  synthetic  transaction  engine,  and 
the  Transact  Toolkit  lets  programmers 
define  unique  business  application  trans¬ 
actions  for  VitalSuite  to  monitor. 

Concord’s  Live  Health  actively  polls 
SNMP-manageable  devices  to  determine 
their  status  and  condition, and  it  displays  in 
real  time  Live  Health’s  detection  of  faults, 
potential  outages  and  response-time 
delays.  Network  Health  monitors  the 
performance  and  availability  of 
WAN  interfaces,  routers,  switches, 
Frame  Relay  circuits  and  remote 
access  equipment.  System  Health 
monitors  servers  and  clients  to  alert 
administrators  to  application  perfor¬ 
mance  problems,  server  crashes  and 
disk  space  shortages.  Application 
Health  is  a  transaction-oriented  col¬ 
lection  of  tools  for  determining  the 
cause  of  poor  application  response 
times.  An  Application  Assessment 
component  of  Application  Health 
keeps  watch  over  server  software. 

Like  VitalSuite,  eHealth  is  an 
OpenView  complement  because  it 
too  sends  SNMP  alerts  that 
OpenView  can  process.  However, 
VitalSuite  and  eHealth  are  primarily 
monitoring  tools,  and  they  lack 
OpenView’s  and  Unicenter’s  ability 
to  manage,  control  and  configure  a 
wide  breadth  of  devices. 

EHealth’s  discovery  process  is 
quick  and  accurate.  By  default, 
eHealth  discovers  network  nodes 
daily  at  midnight,  but  users  can  run 


the  discovery  process  interactively  or 
schedule  discovery  to  occur  on  specific 
days  and  at  specific  times. 

At  5-minute  intervals  (or  less  often,  if  you 
wish), the  SNMP  polling  process  probes  the 
condition  and  status  of  network  devices. 
EHealth  understands  a  plethora  of  MIBs, 
and  it  correctly  recognized  specific  Lucent 
and  Cisco  router  models,  Hitachi  switches 
and  all  the  other  devices  in  our  lab. 
Concord  supplies  MIB  definitions  for  more 
than  500  SNMP-aware  devices.  EHealth 
uses  these  MIBs  for  determining  device 
performance  and  availability  It  stores  the 
collected  network  device  information  for 
six  weeks  in  its  bundled  Open  Ingres  data¬ 
base.  Via  Open  Database  Connectivity, 
eHealth  also  worked  well  with  the  Oracle, 
Sybase  and  Microsoft  relational  databases 
in  our  tests. 

Initially,  eHealth  builds  a  baseline  that 
characterizes  a  network’s  normal  behavior. 
It  excels  thereafter  at  highlighting  out-of- 
the-ordinary  events,  such  as  excessively 
high  or  low  traffic  through  a  router  or 
switch  port,  based  on  a  set  of  multifaceted 
and  highly  configurable  rules.  EHealth’s 
default  rules,  which  are  easy  to  tune  and 
tweak,  perfectly  adequate  for  our  network. 
The  rules  help  eHealth  identify  exceptions 
such  as  a  WAN  port  whose  activity  varies 
wildly  from  its  historical  day-of-week  and 
time-of-day  historical  usage  patterns.  Once 
eHealth  displays  an  exception,  a  network 
administrator  can  choose  to  monitor  the 
problem  device  in  what  Concord  calls  fast 
mode,  in  which  eHealth  polls  the  device  up 
to  twice  a  minute.  EHealth  offers  real-time 
monitoring  of  server  parameters  such  as 
CPU  utilization,  memory  usage,  memory 
paging/swapping  and  log  file  entries. 

Reports 

All  four  products  produced  excellent, 
highly  useful  reports  in  our  tests.  We  espe¬ 
cially  liked  OpenView's  Performance  Man¬ 
ager  network  metrics,  Unicenter’s  Severity 
Browser,  VitalSuite’s  Heat  Chart  and 
eHealth’s  ability  to  emit  Acrobat  PDF  files. 

OpenView’s  NNM  report  generation  is  so 
easy  it  took  just  a  few  minutes  to  generate 
daily  reports  on  general  availability,  Cisco 
routers,  top  talkers  and  asset  inventory 
See  Net  mgmt.  systems,  page  54 
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OpenView  displays  information  such  as  network  maps,  statistical  charts  and  event  details. 


1  ]  WIN  WITH  INTEGRATION:  Nothing  fishy  about  it.  For  an  e-business 
to  thrive,  all  your  business  processes,  from  supplier  to  customer,  must 
work  together  seamlessly.  It’s  the  key  to  a  profitable  infrastructure. 

2]  WIN  WITH  WEBSPHERE:  As  the  world's  #1  integration  software, 
WebSphere  is  the  leading  software  platform  for  integrating  business 
processes,  applications,  platforms  and  people.  WebSphere.  Part  of 
our  software  portfolio  including  DB2?  Lotus®  and  Tivoli.® 

3]  MAKE  THE  PLAY:  Visit  ibm.com/websphere/integrate  and 
see  a  Webcast  on  how  WebSphere  can  help  cut  integration  costs. 


(e)  business  is  the  game.  Play  to  win. 
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continued  from  page  52 

NNM’s  delivery  of  performance  data  via 
*  i  iai!  reports,  which  contain  HTML  links 
to  individual  devices,  was  simple  to  set  up 
and  thoughtfully  designed  for  use  over 
bandwidth-challenged  dial-up  remote  con¬ 
nections.  NNM  also  gave  us  useful  statistics 
on  our  networks  protocols.  OpenView 
Reporter  is  a  flexible,  comprehensive  tool 
for  mining  OpenView’s  plethora  of  network 
detail.  Configuring  Reporter  to  produce 
custom  reports  is  fairly  simple,  but  not 
quite  as  straightforward  as  defining  reports 
in  VitalSuite.You  can  tell  Reporter  to  format 
its  reports  for  printing  or  as  Web  pages.  Its 
performance  data  graphs  are  revealing  and 
helpful,  but  OpenView’s  Performance 
Manager  is  the  ultimate  in  performance 
monitoring.  Performance  Manager  has  a 
graphing  function  for  monitoring  perfor¬ 
mance  in  real  time,  a  zoom  feature  for  see- 


■  How  we  did  it 


W  e  evaluated  each  product's 
ability  to  manage,  administer, 
update,  monitor,  report  on, 
diagnose,  troubleshoot,  reset,  recon¬ 
figure,  audit  (inventory)  and  secure 
network  devices,  server  computers 
and  client  computers.  Virtually  all  our 
testing  took  place  across  WAN  links. 

In  our  management  tests,  we  ad¬ 
ministered  users,  groups,  servers, 
clients,  routers,  switches,  remote 
storage  and  DSU/CSUs.  Our  servers 
included  Web,  file,  application  and 
database  servers. 

The  ability  to  resolve  a  problem 
automatically  was  a  plus.  We  tested 
the  sending  of  SNMP  alerts  and  the 
processing  of  incoming  alerts.  We 
produced  reports  to  show  device  and 
computer  status  information,  inven¬ 
tory  results,  network  usage  trends, 
security  breaches,  availability  and 
uptime  information,  network  baseline 
information  and  graphical  maps  of 
the  network.  We  also  tested  any  spe¬ 
cial  features  the  product  offered. 

Our  lab’s  computing  environments 
included  Windows  NT/98/2000/ME, 
Solaris  8.0,  Macintosh  System  8  and 
OS/2  Warp  4.0.  Relational  databases 
on  the  network  were  Oracle  8i,  IBM 
DB2  Universal  Database,  Sybase 
Adaptive  Server  12.5  and  Microsoft 
SOL  Server  2000.  The  transport  pro¬ 
tocols  on  the  network  were  TCP/IP, 
IPX,  AppleTalk  and  SNA.  An  Agilent 
Advisor  protocol  analyzer  eaves¬ 
dropped  on  the  network  traffic  to 
reveal  overall  utilization  and  detailed 
dialog  mossagos. 

We  ran  each  network  management 
product’s  server  component  on 
Windows  NT  Server  4.0  and  Windows 
2000  Advanced  Server. 


ing  network  metrics  in 
greater  detail  for  a  specific 
time  period  and  multiple 
graphing  options  (includ¬ 
ing  linear,  exponential  and 
s-curve,  all  with  confi¬ 
dence  levels).  Trend 
Performance  Manager,  a 
repository  and  database 
engine,  and  Performance 
Insight  for  Networks  add 
the  ability  to  accurately 
forecast  network  resource 
utilization. 

Unicenter  provides  a 
variety  of  helpful  reports. 

The  Java-based  Manage¬ 
ment  Portal  component, 
consisting  of  notification 
summary  pages,  Business 
Process  View  pages  and  SLA  pages,  shows 
an  expandable  tree  view  of  business  enti¬ 
ties  you  specify  For  the  entire  corporation 
and  for  each  entity  the  Management  Portal 
workplace  shows  utilization  levels,  error 
events  and  SLA  violations.  Drilling  down 
through  the  workplace  to  see  smaller 
groups  of  network  resources  or  a  specific 
resource  takes  just  a  few  mouse  clicks. 
Unicenters  Topology  Browser  shows  man¬ 
aged  objects  for  the  portion  of  the  compa¬ 
ny  you’ve  selected,  while  the  Severity 
Browser  takes  you  directly  to  detailed 
event  data  identifying  the  resources  associ¬ 
ated  with  an  outage  or  performance  slow¬ 
down. 

VitalSuite’s  key  report,  Heat  Chart,  made 
troubleshooting  application  bottlenecks  a 
breeze  with  its  at-a-glance  identification  of 
problems  and  their  causes.  Each  Heat 
Chart  displays  a  color-coded  matrix  of 
application  performance  factors  and  com¬ 
puting  components,  termed  resource  class¬ 
es.  And  each  Heat  Chart  cell  corresponds 
to  a  resource  class  and  a  performance  met¬ 
ric.  Heat  Chart  cells  change  color  to  indi¬ 
cate  the  health  of  the  underlying  comput¬ 
ing  resources  that  comprise  each  corre¬ 
sponding  resource  class. 

VitalSuite  reports  application  perfor¬ 
mance  data  in  three  views:  Business,  Appli¬ 
cations  and  Reports.  Customizing  the 
Business  view  as  My  Vital  or  My  Business  is 
a  preference  you  can  configure,  with  each 
view  a  different  way  of  looking  at  perfor¬ 
mance  metrics  from  application  and  net¬ 
work  statistics.  The  My  Vital  personal  Web 
page  is  highly  configurable  and  uses  pass¬ 
word  protection  to  restrict  access  to  and 
configuration  of  the  page. The  Applications 
view  groups  tab-indexed  information  into 
categories  such  as  domains,  groups,  clients 
and  servers.  Each  tab  index  displays  net¬ 
work-related  application  performance  cri¬ 
teria,  including  lost  packets,  round-trip  de¬ 
lays,  availability  response-time  throughput, 
and  client,  network  and  server  delay  times. 

Producing  useful  and  easy-to-understand 
network  status  reports  is  a  Concord  strong 
suit.  EHealth's  reports  showed  device  infor¬ 
mation  by  time  period,  relationship  to  the 
organizational  structure  and  type  of  behav¬ 
ior  or  exception.  We  could  see  devices  that 
experienced  problems, by  type  of  problem, 
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Unicenter's  Explorer-like  interface  can  show  network  maps  in  2-D  or  3-D 


and  those  associated  with  a  particular 
application.  EHealth’s  reports  are  excellent 
for  capacity  planning,  monitoring  Web  site 
responsiveness,  guarding  against  network 
hacking  attempts  and  tracking  hardware 
and  software  assets.  EHealth  can  display  its 
reports  through  its  quick  and  responsive 
Web  interface,  or  it  can  generate  Adobe 
Acrobat  PDF  files  for  viewing  or  printing. 

Ease  of  use 

NMS  user  interfaces  used  to  be  ponder¬ 
ously  slow  and  confusing.  Fortunately  ven¬ 
dors  have  completely  revamped  their 
native  operating  system  consoles  and  aug¬ 
mented  them  with  smart-looking,  well-de¬ 
signed  Web-based  instrument  panels. 

in  addition  to  its  native  mode  (Windows 
or  Unix)  display  OpenView  NNM  sports  a 
browser-based  interface.  NNM  is  an  intuitive 
tool  that  makes  network  management  easy 
NNM’s  native  mode  display  basically  offers 
report  scheduling,  configuration  and  filter¬ 
ing  options,  network  maps,  event  notifica¬ 
tions, device  detail, statistics  and  alarms.The 
Java  client  can  show  network  maps,  device 
detail,  alarms  and  a  variety  of  reports,  in¬ 
cluding  asset  inventory  NNM’s  dynamic 
Web  pages  are  especially  well-designed. 
Easy  and  clear  filters  make  it  possible  to 
manage  large  networks  with  NNM. 

Unicenter  offers  tree-view,  tabular,  2-D  and 
3-D  manipulation  and  display  of  its  man¬ 
aged  objects.  For  global  companies,  the  3-D 
display  shows  a  firm’s  entire  network  on  a 
rotating  representation  of  Earth.  If  a  site  is 
having  problems,  Unicenter  draws  a  red 
ball  over  the  site.  Each  click  on  a  red  ball 
takes  you  to  a  city,  a  data  center  site,  a  net¬ 
work  domain,  a  network  segment  and  the 
device  or  server  associated  with  the  error. 

On  the  2-D  map,  Unicenter’s  interface 
also  uses  screen  colors  to  its  advantage. 
If  Server  XYZ  is  exhausting  its  memory 
resources.  Unicenter  colors  XYZ’s  net¬ 
work  domain  red  (from  green).  Drilling 
down  through  the  tree  displays  ever- 
increasing  network  segment  detail 
regarding  the  context  of  the  error  until 
you  come  to  Server  XYZ’s  “Physical 
Memory”  error  condition. 

The  Unicenter  Management  Fbrtal  is  an 
intuitive,  Web-based  tree  view  of  business 
entities  and  the  network  resources  the  enti¬ 


ties  use. The  3-D  display  is  fun  to 
use,  but  we  found  ourselves 
spending  most  of  our  time  in  the 
Management  Fbrtal  as  we  man¬ 
aged  our  network  with 
Unicenter. 

We  especially  liked  VitalSuite’s 
responsive  and  intuitive  user 
interface.  It  was  surprisingly 
H  easy  to  use  in  light  of  its  com¬ 
plexity.  VitalSuite’s  flexible  archi¬ 
tecture  impressed  us  with  its 
ability  to  handle  a  variety  of 
business  application  environ¬ 
ments.  VitalSuite  is  so  finely 
scalable  you  can  choose  to 
install,  for  example,  the  report¬ 
ing  server  module  on  a  separate 
computer. 

EHealth  presents  its  collected 
performance  metrics  and  device  status 
data  via  a  browser-based  interface,  a  serv¬ 
er-based  console  and  Adobe  Acrobat- 
based  reports.  EHealth  also  can  send 
device  status  and  condition  data  to  net¬ 
work  management  products  such  as  HP 
OpenView.  It  graphically  depicts  the  net¬ 
work  as  a  “fish  bone” —  a  spine  whose  ribs 
represent  the  different  network  segments. 

EHealth’s  server  console  uses  SCO’s 
XVision  PC  X  server  to  display  screen  data. 
As  a  result,  eHealth’s  user  interface  scored 
a  bit  lower  because  it  isn’t  quite  Windows 
nor  pure  X-Windows  but  a  hybrid  of  both. 
Via  its  SystemEdge  component,  eHealth 
can  e-mail  or  page  someone  when  a  prob¬ 
lem  occurs,  and  it  offers  links  to  third-party 
help  desk  programs.  It  also  can  restart 
failed  processes  automatically 

OpenView,  Unicenter  and  eHealth  run  on 
many  platforms,  including  various  Unix  fla¬ 
vors  and  Windows  NT/2000.  Some  Open- 
View  and  Unicenter  components  even  run 
on  mainframe  and  AS/400  computers.  But 
not  all  components  run  on  all  supported 
platforms.  Unicenter’s  Web-based  Man¬ 
agement  Fbrtal  requires  Java  on  NT/2000. 
On  the  other  hand,  Unicenter  has  special 
support  for  displaying  system  events  on  or 
accepting  commands  (such  as  rebooting  a 
particular  server)  from  a  wireless  Fbcket 
PC. VitalSuite  runs  on  NT/2000. 

Despite  their  complexity, all  four  products 
are  easy  to  install  and  have  excellent  on¬ 
line  documentation.  Only  Lucent  supplied 
full  printed  documentation  with  its  prod¬ 
uct.  CA  and  Concord  also  provided  Getting 
Started  guides. 

Conclusion 

All  four  products  are  mature,  well-crafted 
and  thoughtfully  designed.  We  suffered 
nary  a  crash  during  our  testing.  With  its 
wealth  of  features,  useful  reports  and  con¬ 
sistent  user  interface,  OpenView  emerged 
the  winner.  However, each  product  is  an  ex¬ 
cellent,  worthwhile  addition  to  large  net¬ 
works  in  need  of  management  and  control. 

Nance,  a  software  developer  and  consul¬ 
tant,  is  the  author  of  Introduction  to 
Networking,  4th  Edition  and  Client/Server 
LAN  Programming.  He  can  be  reached  at 
barrvn@erols.  com 
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EASIER  TO  MANAGE, 
SAVES  MONEY. 
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SLAM  DUNK  FOR  THE 
NEW  LOTUS  NOTES. 


Introducing  Lotus  NotesVDominolu  6.  It's  the  easiest  to  manage,  most  cost-effective 
Notes/Domino  ever.  It  streamlines  administration,  frees  up  network  resources  and 
slashes  downtime.  Storage  costs  can  fall  by  up  to  15%.  Notes/Domino  6  has  unsurpassed 
power  and  control  for  managing  thousands  of  users.  Lotus,  part  of  the  software  team 
that  includes  WebSphere!  DB2®  and  Tivoli®  Take  a  test-drive  at  ibm.com/lotus/win 
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■  CAREER  DEVELOPMENT 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 


Managing  technology  turnover 

I  IT  execs  share  tips  for  squeezing  new  life  out  of  surplus  gear  and  disposing  of  old  equipment. 


BY  SUZANNE  GASPAR 


A  decade  of  annual  corporate  acquisitions 
has  kept  Devon  Energy’s  IT  department  on 
a  treadmill  of  systems  integration,  but  the 
business  growth  also  has  generated  a  slew 
of  extra  resources. 


Some  companies  brought  in  a  battery  of  tools  including 
AS/400  servers,  Windows  desktops  and  Sun  workstations, 
and  industry-specific  applications,  while  others  con¬ 
tributed  older,  unusable  items  needing  retirement.  The  IT 
department  exhausted  thousands  of  hours  on  transition 
work  in  consecutive  six-  to  eight-month  cycles.  Deciding 
what  to  keep  and  what  to  toss  has  been  part  of  the  daily 
grind  in  managing  steady  growth,  says  Rick  Manner,  vice 
president  and  CIO  of  IT  for  the  oil  and  gas  producer  in 
Oklahoma  City 

Surplus  technology  is  a  common  result  of  corporate 
mergers  and  acquisitions. Yet  scheduled  upgrades,  project 
changes  and  just  plain  obsolescing  hardware  can  con¬ 
tribute  to  the  constant  churn  of  IT  gear. Inventory  tools  can 
ease  the  job  of  managing  the  reallocation  of  hardware  and 
application  licenses,  while  tech  recycling  and  disposal 
providers  can  help  get  rid  of  what  you  don’t  need. 

At  Devon,  the  synergy  between  acquired  corporations 
has  let  IT  trim  some  low-end  and  older  hardware  across 
the  corporation. 

IT  constantly  evaluates  device  condition  and  uses  asset 
management  tools  from  Altiris  to  identify 
newly  acquired,  nonstandard  and  inferi¬ 


or  equipment.  Devices  falling  below  the  minimum  get 
upgraded  to  the  standard  of  a  2-GHz,  Pentium  4  desktop 
with  a  512M-byte  hard  disk  or  a  Sun  Blade  1000  Unix 
workstation. 

“You  do  pick  up  a  few  extra  pieces  of  equipment  be¬ 
cause  you  have  combined  two  companies  and  cut  out 
some  commonality’  Manner  says,  referring  to  consolida- 
tion.The  upside,  though,  is  that  the  cream  of  the  crop  hard¬ 
ware  improved  Devon’s  IT  assets.“We’ve  got  the  talent  and 
the  systems  up  to  what  I’ll  call  ‘state  of  the  practice,”’ 
Manner  says. “As  new  acquisitions  come  up,  there  will  be 
more  reductions  and  savings.” 

Assessing  and  selecting  the  best  hardware  and  software 
assets  among  two  companies  is  easy  when  both  parties 
share  common  platforms  and  systems. 

Devon  saved  money  by  letting  maintenance  fees  expire 
for  NetWare  because  it  won’t  be  used.  Reductions  from 
the  merging  of  exploration  and  production  workers  has 
also  freed  some  expensive  applications,  letting  IT  shuf¬ 
fle  extra  GeoQuest  and  Landmark  E&P  software 
licenses  to  other  locations. 

Manner  says  he  sees  application  licenses  as 
renewable  assets.  It’s  less  expensive  to  renew  the 
maintenance  contract  than  it  is  to  buy  new  licen¬ 
ses,  he  says,  and  IT  budgeted  $6  million  in  main¬ 
tenance  fees  this  year.  “You  pay  maintenance 
on  the  licenses  you’re  going  to  use.  Many 
times  we’ll  know  that  we’re  going  to 
grow  in  an  area,  and  we’ll  just  hang 
on  to  those  and  renegotiate  y . 
when  the  contracts  are 


Taking  out  the  trash 


Here  are  some  things  to  think  about  when  disposing  of  old  equipment: 


•  Prepare  an  itemized  inventory  list  of 
hardware  that  includes  serial  numbers, 
quantity  and  weight  of  the  items. 

•  Research  a  tech  disposal  service  for 
the  types  of  hardware  it  handles, 

’  geographic  reach  and  compliance  with 
regulations. 


•  Use  tech  disposal  providers  that 
certify  proper  recycling  of  hardware. 


•  Incorporate  the  hardware's  recycle 
and  disposal  path  into  your  asset 
management  system  to  meet  poten¬ 
tial  privacy  compliance  audits. 


Required  upgrades  and  outgrown  hardware  are  the  most 
common  way  that  assets  pop  up  in  Northern  Trust’s  IT 
inventory,  says  Lisa  Coffman,  vice  president  of  IT  for  the 
Chicago  firm. 

Hardware  hitting  the  end  of  its  life  cycle  is  replaced  reg¬ 
ularly  and  user  needs  drive  asset  requirements.“It  may  be  a 
group  that  needs  a  special  kind  of  network  card  to  support 
a  certain  application  that  they  use  or  a  function  that  they’re 
doing,  and  an  older  machine  may  not  accommodate  that 
newer  hardware,”  Coffman  says. 

While  budgeting  is  done  annually,  Northern  Trust’s  IT 
department  conducts  reallocation  planning  on  a  daily 
basis. 

The  company  uses  LanDesk  and  Remedy  tools  to  track 
current  and  future  needs  per  processor  and  memory 
requirements  of  staffers  who  are  targeted  for  upgrades. 

Coffman  says  it’s  a  domino  effect,  and  resources  are  shift¬ 
ed  monthly  because  something  has  come  up  or  it’s  time  to 
move  forward  with  a  project.  “We  look  at  what  they’re 

requesting, what  was  budgeted, and  what  else  is  going  on,” 
she  says.  “While  our  investment  group  needs  the 
fastest  machines,  other  groups  are  sitting  there  on 
low-end  machines.  We’ll  reuse  intermediate-level 
assets  for  another  group  and  replace  machines  that 
are  ready  to  fall  off  the  books.” 

Each  Northern  Trust  location  works  with 
an  equipment  disposal  vendor  to  get  rid 
of  unwanted  machines,  but  IT  is  work¬ 
ing  to  find  a  global  service  for  recy¬ 
cling  and  certifying  hardware 
destruction. 

Tech  disposal  firms  also  can  help 
with  donation  efforts,  says  Nicole 
Lee,  business  adviser  for  the  foun¬ 
dation  department  of  BP  in 
Chicago. 

The  last  PC  upgrade  across  the  ener¬ 
gy  corporation  freed  13,000  pieces  of 
equipment,  desktops,  monitors,  key¬ 
boards  and  the  like,  which  the  BP 
Foundation  donated  to  nonprofit 
I  groups.  Redemtech  cleaned  and  broke 
vn  the  equipment  and  then  shipped 
hnology-For-All  nonprofit 
Technology-For-All  staff 
of  the  PCs  with  new 
;  and  memory  for  char- 
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•  •  Assume  all  hardware  contains 
proprietary  data  and  work  with  a 
-•  .provider  to  wipe  hard  drives  clean. 


•  Check  on  tax  credits  and  other  financial 
perks  for  acting  in  an  environmentally 
responsible  manner. 


■  •  • 
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i  nice  way  to  put  surplus 
through  the  nor- 
ies  to 


Rick  Manner  and  his  staff  at 
thousands  of  hours  cataloging  and 
hardware  and  software  after  mergers  and 
acquisitions. 
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IT  Certification  Training  Videos 


It  s  REALLY  good  training . 


♦  MCSE  Videos 
♦  CCNA  Videos 
♦  Linux+  Videos 
♦  CompTIA  Videos 
♦  MOUS  Videos 


Try  Before  you  Buy.. .free  streaming  videos 
at  cbtnuggets.com. ..actual  content. 


IT  Certification  training  can  be  expensive,  frustrating,  and  ineffec¬ 
tive.  CBT  Nuggets  training  videos  are  the  answer.  They  are 
aggressively  priced,  very  convenient,  and  a  comprehensive  solution 
to  your  training  needs.  The  format  is  innovative,  and  very  efficient, 
but  the  bottom  line  is  this:  It’s  really  good  training!  See  the  reviews 
and  customer  comments,  or  view  actual  content  videos  for  free  at 
cbtnuggets.com. 


Cisco  CCNA  package 

(20  hours  of  video)  only  $299. 


Call  us  or  go  online  and  use  the  following  discount  code  to 
receive  an  additional  5%  off  your  first  order:  NW543 


The  Hub  of  the  Network  Buy 


Paul  L.  Greene 

Director  of  Information  Security 

NeuStar,  Inc. 
www.neustar.biz 


NeuStar  operates  the  registry  of  all 
North  American  telephone  numbers 
the  database  that  North  American 
carriers  use  to  route  billions  of 
telephone  calls  daily  and  runs  both 
the  .us  and  .biz  registries. 


/  V euStar's  unique  service  and  position  in  the  telecommunications  industry  make  it  a  target  of  attacks 
We  need  rock  solid'  security  and  a  vendor  who  understands  what  that  means.  CyberGuard  was  the  first 
in  the  world  to  achieve  EAL4  certification  for  its  firewall  appliances;  that  really  impressed  us. 

“We  knew  they  would  be  capable  of  providing  the  level  of  sophisticated  security  support  we  needed  and 
we  have  not  been  disappointed:  their  technical  suppoit  team  knows  security  and  CyberGuard  s  ability  to 
deliver  on  everything  they  promised  enabled  us  to  meet  our  tight  deadline  for  deliverables  Today,  we  have 
CyberGuard's  firewall  appliances  in  three  countries 

“I  have  an  experienced  team,  but  on  more  than  one  occasion  I  had  to  enlist  the  help  of  a  junior  engineer 
to  install  the  firewall.  I  was  able  to  talk  them  through  the  process  over  the  phone.  I  in  happy  to  repoit  that 
those  systems  have  been  functioning  in  a  production  environment  for  over  one  year  without  a  hitch  And 
CyberGuard  rocks  the  competition  in  the  performance  impact  category " 


CyberGuard's  security  solutions  are  found  in  Fortune  1000  companies  and  governments  worldwide  CyberGuard's 
award-winning  premium  firewall/VPN  appliances  maintain  complete  separation  of  network  traffic  from  system 
components 


Phone:  954.958.3878 

e-mail:  info@cyberguard.com 

For  white  papers  on  Rock  Solid  Security  go  to 

rocksolid.cyberguard.com 

Copyright  2002  CyberGuard  Corporation  All  rights  reserved. 


DEFEND  YOUR  DOMAIN 


RECORD  AND 
STORE 


STREAM  AND 
TRANSFER 


PLAYBACK 


D  Quality  Video 
Anytime,  Any  Network! 


VBSTAR  is  a  revolutionary  new  video  product  from  VBrick 
Systems!  It  streams  live  MPEG-2  video  over  IP,  records  it  to  an 
internal  hard  drive,  sends  it  over  the  Internet,  and  plays  it  back 
anywhere,  anytime. 

www.vbrick.com/vbstar.asp 


systems.  inc. 

1  (866)  VBRICK- 1  (866-827-4251) 


Need  A  Remote  Power 


On-Command  Power  Switching  for  your 
Network  Equipment...  from  Anywhere! 


Applications: 

Remote  Power  Management 
X  Servers 

X  Routers  Firewalls  DSU/CSU's 
X  Web  Cams 

Turn  On/Off  any  AC  or  -48VDC 
Powered  equipment  via  telnet, 
modem  or  local  terminal. 

Electronic  equipment  sometimes  "locks- 
up"  requiring  a  service  call  just  to  flip 
the  power  switch  to  do  a  simple  reboot. 
With  WTI  Remote  Power  Switches  you 
have  the  ability  to  perform  this  function 
from  anywhere  on  the  LAN/  WAN,  or  if 
the  network  is  down,  to  simply  dial-in 
from  a  modem  for  out-of-band  control. 

For  over  a  decade  WTI  has  been 
leading  the  way  in  Remote  Power 
Switching  technology  offering  more 
products  choices  for  small  or  large  scale 
remote  management  strategies. 

Our  switches  are  now  installed  in 
thousands  of  sites  world  wide.  Our 
customers  know  they  can  depend  on 
our  superior  quality  and  reliability  for 
their  most  mission-critical  operations. 


EIGHT  PLUG  -  DUAL  BUS 


©  Dual  15  Amp  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  User  plus  Admin  Security  Features 
©  115VAC  and  230 VAC  Models 


HIGH  CURRENT  -  DUAL  BUS 


NPS-2HD 


©  Ideal  for  CISCO  6500/7500 
©  Dual  20  Amp,  115VAC  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 

CODE  ACTIVATED  - 
EXPANDABLE 


TWO  PLUGS  -  LOW  COST 


©  Two  Addressable  Plugs 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  1 1 5 VAC  and  230VAC  Models 
©  Manual  on/off  Buttons 


DUAL  BUS  -48VDC 


©  Dual  -48VDC,  40  Amp  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  On/Off/Reboot  Switching 

FIVE  CIRCUIT 
-48VDC  POWER  BAR 


Yes,  we  are  customer  friendly! 

X  Two  year  warranty 
X  We  stock  for  same  day  shipment 
X  30  day  return  policy 
X  Start-up  cables  and  rack  ears  included 

Want  an  on-line  demo? 

Just  call  or  e-mail  and  you'll  see  for 
yourself  why  so  many  network 
professionals  choose  WTI. 


©  Single  10  Amp  Circuits 

©  Expandable  to  10  Individually 
Switched  Plugs 

©  RS232  Control  Port 


RPB+DC30 


©  Five  Individually 
Switched  Circuits 

©  Switch  -48VDC,  12  Amps 
each  Circuit,  30  Amps  Total 

©  Also  Available  in  115VAC 
and  230VAC  Models 


WWW.Wti.com  (800)  854-735?, 


western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  92618-2517 
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UltraLink 


Connects  to  standalone  computers  or  any  KVM  switch 
High  quality  16-bit  video  at  up  to  1280x1024  resolution 

Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

Encrypted  communication  produces  highly  secure  operation 
Scaling  and  scrolling  features  for  maximum  flexibility 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  TX  77099 

USA  toll  free  800  333  9343 
ROSE  US  281  933  7673 
ROSE  Europe  +44  (0)  1264  850574 
ROSE  Asia  +617  3427  5353 


UltraLink  sets  a  new  standard  in  remote  management  of  server  room 
environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your 
computers,  it  deploys  easily  and  works  on  any  operating  system,  such 
as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 


The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 


■  Single  mouse  cursor  simplifies  user  interface 

■  See  four  servers  from  one  screen  with  quad  screen  mode 

■  Lifetime  free  flash  upgrades 


Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 

Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


WWW.ROSE.COM 
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LAN  Watch  is  a 
robust,  Windows  based 
packet  analyzer.  Single 
user  only  $695.  \ 


LANWatch 
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Powerful 

Network 

Forensics 

Analysis 
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View  Email,  Web  Pages,  and  File  Contents 
Reassemble  up  to  999,999  Connections 
Patent  Pending  SSH2  &  SSL  Decryption 
Record  Traffic  for  Future  Investigation 
Guaranteed  Invisible  on  Your  Network 
Find  and  Report  Cleartext  Passwords 
Full-Content  Inspection  &  Analysis 
Catch  Header  and  Port  Spoofing 
Drill  Down  through  Connections 
Secure  Remote  Administration 


Plk©neSwee 

The  vjardialer  of  choice 
for  Security  Professionals 

PhoneSweep  Gold  has  a 
distributed  architecture, 
merged  reporting  and 
email  notification. 


Are  you  being  wardialed? 
Find  out  with  Sandtrap, 
our  Wardialer  Detector. 


Free  Whitepaper  &  Product  Demos 
www.sandstorm.net  617-426-5056 

Copyright  C  2002  Sandstorm  Enterprises,  Inc.  All  Rights  Reserved. 
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equest  for  your  FREE  CAS  booklet  of  www.cydodes.ci 


ww.cyclades.com /nw 

1  -888-CYCLADES  1-888-292-5233 
510-770-9727 
sales@cyclades.com 
Fremont,  CA 


"The  Cydades-TS  Series  of  Console  Access  Servers  provides  the  highest  port  density  and  security 
at  a  very  competitive  price.  By  using  Linux  as  the  embedded  OS,  it  offers  the  flexibility 
required  to  manage  our  dynamic  environment.  The  Cydades-TS  is  a  key  element  to  help 
us  keep  our  servers  up  and  running."  -  Pete  Kumler,  Manager  of  Site  Operations,  Yahoo!  Inc. 


Cydades-TS  Series 

Console  Access  Server 

1/4/8/16/32/48  RS-232  po0M 
First  Linux-based  Term|ralj|iS| 
IP  Filtering,  RADIUS,  arid  SS 
Linux,  FreeBSD,  Sun,  HP  and® 


1% 
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©2002  Cydodes  Corporation.  All  rights  reserved.  All  other  trodemorks  ond  product  imoges  ore  property  ol  thier  respective  owners.  Product  information  subject  to  change  without  notice. 


Firewall  Appliance 


New  kid  on  the  block? 


Hardly... 

The  GB-1000  Firewall/VPN  appliance  is  powered  by  the  GNAT  Box 
System  software  -  the  original,  small  footprint,  high  performance 
firewall  system  first  introduced  in  1996.  The  GB-1000  is  deployed 
worldwide  by  organizations  that  desire  rock-solid  operation  and  the  best 
price/performance  ratio  on  the  market  today. 

GTAhas  10  years  experience  in  developing  quality  software.  Since  1994, 
GTA  has  been  producing  solid,  dependable,  ICS  A  certified 
firewalls,  with  a  powerful  feature  set  at  an  affordable  price. 


The  GB-1000  standard  configuration  includes  4  built-in  10/100  NICs. 
Expansion  options  allow  the  addition  of  up  to  4  more  NICs,  including 
Gigabit.  Each  NIC  is  fully  addressable,  allowing  flexible  configuration. 


The  GB-1000  has  an  unlimited  user  license  and  supports  128,000 
concurrent  connections.  Our  powerful  dynamic  network  address 
translation  technology  and  stateful  packet  inspection  engine  provide  all 
users  with  transparent  Internet  access  and  proven  network  security. 

The  GB-1000  has  many  standard  features  including  IPSec  VPN,  DNS 
server,  failover  routing  and  DHCP  services.  Optional  features  such  as 
high  availability  and  24x7  support  are  also  available. 


Visit  our  web  site,  email  or  call  for  more  information. 

Global  Technology  Associates,  Inc. 

1-800-775-4GTA  •  vvwvv.gta.com  •  info@gta.com  i 
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Tel:  877-373-2700 
www.ims-4000.com 


Phonetics,  Inc. 
901  Tryens  Road 
Aston,  PA  19014 
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Internal 

UPS 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 


Microphone 

for  Sound 
Monitoring 


Internal  Voice, 
Power  Ethernet  Modem 
Control  Port  &  Pager  Port 
Interface 


8  R)-45  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


SENSAPHONE® 
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using  Zero  U 

of  rack  space? 


9  Sentry  POWER  TOWER  :  Your  Zero  U  Reboot  Solution 


16  remotely  addressable  power  outlets  — 
The  highest  density  available  of  any 
Remote  Power  Management  vertical  strip. 
3o-amp  power  input  feed  distributed 
across  16  outlets. 

Mounts  vertically  In  your  equipment  rack  or 
cabinet  and  requires  Zero  U  of  radc  space. 
Load  Sense  provides  real-time  current 
monitoring  in  the  remote  screen  interface 
and  through  a  built-in  LEO  display  for  on¬ 
site  measurement 

Power-up  sequencing  of  all  16  outlets 
prevents  an  In-rush  current  overtoad. 
Telnet,  SNMP,  Modem  or  RS-232  interfaces  for  easy, 
practical  and  secure  power  management  of  remote 
intemetworiung  equipment. 


Install  the  new  Sentry  Power  Tower  in 
your  data  center,  NOC  or  co-to  facility 
and  gain  the  advantage  of  remotely 
rebooting  up  to  16  of  your  equipment 
units  -  without  occupying  any  space  in 
your  rack  or  enclosed  cabinet 

*  Try  the  New  Sentiy  Power  Tower  in  your 
rack  or  cabinet  and  realize  the  benefits 
•*  of  Intelligent  Power  Distribution  and 
.*►  Remote  Power  Management. 

See  our  complete  product  line  at  wwwaervertech.com 
or  call  800.835.1s15  or  775^84^000 


Another  great  product  from 

Server  Technology,  Inc 


Want  better 
control  of 


your  servers? 
Power  up 
with  Paragon. 


Trade  in  your  tired,  old  KVM  boxes 
for  the  Cat5-based  Paragon®  —  and 
save  up  to  $1600  on  every  switch. 

Since  1985,  Raritan  has  been  the  technical  leader  in  KVM 
switching  and  remote  management  solutions  for  accessing 
and  controlling  servers. 

Today,  the  most  powerful,  reliable,  and  secure  KVM  solution 
available  is  Paragon  from  Raritan.  Award-winning  Paragon 
is  the  only  solution  with  Cat5  Simplicity!  and  multi-platform 
support  for  2  to  64  users  having  direct  control  of  16  to 
10,000  servers. 

The  time  to  power  up  with  Paragon  is  now.  Take  advantage 
of  our  generous,  limited-time  trade-in  rebate  and  get  back 
up  to  $1,600  per  Paragon  switch  purchased. 

Call  1  -800-724-8090,  visit  www.raritan.com.  or 
see  us  at  Comdex  in  Las  Vegas  (booth  #1316). 

Rebate  offer  ends  November  30, 2002. 


S  Raritan 


★  U-« - 1- 

Herwory 

Computing 


Anywhere,  anytime  access 

Get  a  free  online  demo  of  secure 
Web  browser  access  to  Paragon 
via  our  TeleReach®  option. 

To  schedule  a  demo  from  your 
desktop,  visit  www.raritan  com 


Raritan,  Paragon.  Cat5  Simplicity,  and  TeleReach  are  registered  traderr 


The  Hub  of  the  Network  Buy 


here  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


Observer 
$ 995 


Expert 

Observer 

$2895 


Observer 
Suite 
$ 3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  ‘‘Network  Instruments”  and  the  “N  with  a  dot"  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 


PC  Mapazinc's 
Editor's 
Choice 
Award 


SST-MM8P  PCI 


Call  1-800-275-3500,  ext.  61 5 
for  a  FREE  30-day  evaluation! 
or  email:  sales@equinox.com 


Fax  server 
Dial  access 
Data  collection 
Modem  pooling 
Internet  access 


,  For  more  infomation  on  Equinox  products  visit  our  website  at  -  www.equinox.com 


'Vv*  Ufi  -**«*> » 


pci  ayimtigHBaangtaasters; 

Provide  4  or  8  V.90/V.34  data  and  fax  modems 
in  one  easily-installed  easily-configured  adapter. 


4  and  8-port  adapters 
Scalable  to  32  ports  per  server 
Lowest  CPU  utilization 
Installs  in  minutes 
Requires  no  interrupts 


MAGAZINE 

EDITORS' 

CHOICE 

July  2002 
S'ltnf Runner  3  0 
SdentRunner  Inc 


Cmiiputcrnorld 
Honors 
21st  Centurs 
Vuard 


SilentRunner  is  the  lens  into  your  network  providing 
the  only  network  security  solution  that  applies 
state-of-the-art  analysis,  correlation  and 
3-D  visualization  software  to  network  security 
analysis  -  exposing  threats  and  abuses  that  just 
can’t  be  seen  with  standard  security  technologies. 


For  your  free  Technical  White  Paper, 
visit  www.silentrunner.com 

or  call  800.842.23b6  today. 


SilentRunner 


an  Avocent  Company 


CONTROL  KEYBOARD.  VIDEO  AND  MOUSE  REGARDLESS  OF  LOCATION 

With  the  Kaveman  networking  device,  you  can  remotely  control  servers,  either  over 
the  Internet  or  a  local  network,  down  to  the  BIOS  level. 


ACCESS  SERVERS  USING  A  WEB  BROWSER  OR  VNC 

All  you  need  to  operate  Kaveman  is  a  web  browser  or  VNC  on  the  remote  client.  No 
additional  software  is  required.  And  no  software/users  licenses  help  keep  your  costs 
down. 


H  a  u  a  m  a  n 

COMPLETE  KVM  CONTROL  VIA  TCP/IP 


REMOTB_Y  CONTROL  POWER 

Through  the  user-friendly  Kaveman  GUI,  you  can  control  the  power  of  up  to  eight 
devices. 


AUTOMATICALLY  MONITOR  SERVER  ACTIVITY 

Kaveman  automatically  monitors  critical  server  vitals  such  as  power,  video,  and 
keyboard  response;  it  alerts  you  to  crashes  and  enables  you  to  quickly  respond  to 
problems. 


The  Engine  of  Innovation 


Available  in  single  and  eight  channel  versions 


www.digitaiv6.com 


Resellers  and  Distributors  Welcome 


dtSearch 


dtSearch 


dtSearch 


dtSearchr 


dtSearch 


dtSearch 


Instantly  Search 
QldcavCIl  Gigabytes  of  Text 

♦  Search  across  networks,  intranets,  and  web  sites 

♦  Publish  large  document  collections  to  web  or  CD/DVD 


"Superb ...  a  multitude 
of  high-end  features" 
PC  Magazine 


'Intuitive  and  austere . 
a  superb  search  tool" 
PC  World 


'Very  powerful ...  a 
staggering  number  of 
ways  to  search" 
Windows  Magazine 


"Tremendously  powerful 
and  capable" 

Visual  Developer 


"A  powerful  text  mining 
engine ...  effective 
because  of  the  level  of 
intelligence  it  displays" 
PCAI 


"Searches  at  blazing  speeds 
Computer  Reseller  News 
Test  Center 


Enterprise  features 

♦over  two  dozen  indexed,  unindexed,  fielded  and  full-text  search  options 

♦highlights  hits  in  HTML  and  PDF  while  displaying  embedded  links, 
formatting  and  IliiMiMSl 

♦converts  other  file  types— word  processor,  database,  spreadsheet, 
email,  ZIP,  XML,  Unicode,  etc— to  HTML  for  display  with  highlighted  hits 

♦developer  products  have  easy  wizard-basd  setup;  optional  API 

1  -800-IT-FINDS  See  www.dtsearch.com  for: 

salP<:@f1t<!Parrh  rnm  *  developer  case  studies 

saies^  aisearcn.com  4  free  30'day  evaluations 
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"Industrial-strength.. 
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Industrial-strength.. 
Superb”— PC  Magazine 
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"Industrial-strength.. 
superb"-pc  Magazine 
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"Industrial-strength., 
superb”-**  Magazine 
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Desktop 


Industrial-strength.. 
superb”-**  Magazine 


The  Smart  Choice 
Text  Retrieval®  si 


Network 

♦  from  $800 


The  Hub  of  the  Hetwork  Buy 


Easy  to  use.  Convenient. 

At-a-  glance  information  for 
selecting  the  right  server  for  your 
application  with  processor,  memory  and 
storage  information.  Available  for  HP,  IBM, 
Sun  and  Compaq.  Call  877.231.2451  or  visit 
www.wdpi.com  to  request  your  FREE  Server 
Configuration  Guide. 


RLD 


Ob- - 


Buy  •  Sell  •  Lease  •  Repair  •  New  •  Refurbished  •  Used 
www.wdpi.com  •  877.231.2451 

121  Cheshire  Lane,  Minnetonka,  MN  55305  U.S.A. 


17”  TFT  1U  RACK  MOUNT  DISPLAYS 


-  Adjustable  length  ball 

bearing  slides. 

-  Also  in  black  and  with 

locking  front  panels. 

-  Made  in  the  USA. 


With  Keyboard  and 


and  Touchpad 


17  Display  Only 


1-800-729-7654 

Web:  www.recortec.com 
Email:  sales@recortec.com 

RECORTEC,  INC. 

1 620  Berryessa  Road  San  Jose,  Ca  95133 
Tel :  (408)  928-1 480  Fax:  (408)  729-3661 


A  24/7  Internet  Alarm 


Keynote’s  Red  Alert  service  can  monitor  and 
execute  end-to-end  checks  of  any  TCP-enabled 
Internet  application  or  device  24/7/365. 
Whenever  a  server  or  network  fails,  Keynote’s 
Red  Alert  service  isolates  the  problem  and 
immediately  notifies  you  with  full  details  via 
e-mail,  pager  or  cellphone.  Or  all  three. 

Red  Alert.  Another  way  Keynote  helps  you 
expect  the  unexpected. 

For  a  30  day  free  trial  of  Red  Alert 

Go  to  http://www.redalert.com 
Or  call  1(800)  548-4517 


U KEYNOTE 

&  ^  The  Internet  Performance  Authority 


Boson  Training 

I  Learnkey  Inc.  ^ 

(813)  925-0700  ^ 

1  (800)  865-0165 

www.bosontraining.com 

1  www.learnkey.com 

CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 

1  Self-paced  online  CD  network 

wireless,  CISSP 

I  certification  developer  bus/apps 

— ■ — ■ 


IPexpert,  Inc. 

(866)  225-8064 
www.ipexpert.net 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 
wireless,  CISSP 


CBT  Nuggets,  Inc. 

(541)  284-5522 
www.cbtnuggets.com 
IT  Certification  Videos 


To  Place  Your  Listing  Here 
Call  Enku  Gubaie  at  (800)  622-1108 


7, 


X.  888-8LANWAN 

Call  for  Free  Quote!  (888-852-6926) 


Receive  an 
IRS  Tax 
Deduction 


2-DAY  PUBLIC  WEBCAST  AUCTION 


11AM,  WED.  &  THURS.,  NOV.  6  &  7  •  CHICAGO 


Inspection:  11/5, 9am-4:30pm,  11/6  9am-11am  and  morning  of  the  sale. 
Inspection/Preview:  330  North  Wabash  Ave.,  Chicago,  IL 
Bidding  location  to  be  announced 

70,000  SQ.  FT.  TECHNOLOGY  FACILITY  ! 

leaturing  High-End  Servers,  Cisco  Routers,  Switches,  Office 
Furniture,  Seating,  TV's,  VCR's,  Laptops,  Phone  Systems,  Octel 
Voicemail,  Video  conferencing,  computers,  printers  and  a  lot  more!!! 


Check  website  for  updated 
inventory 

Great  American  Group® 

_ WHOLESALE  &  INDUSTRIAL  SERVICES 

Minology  &  Webcast  Partner  Cowan  Alexander.  LLC 


For  more  details  or  to  register  online: 


www.greatamerican.com 
818-884-3747,  ext.  456 


Leukemia  Support  Group  Call  610-970-2705 

Helping  cancer  victims  for  three  years  — —— — — — ■■  mu - 


"Bid  On  Location  or  Live  Online!" 

Furniture  and  Equipment  no  longer  needed 
for  future  operations  of  this  location 


Andersen 


We 


CISCO 


New  &  Used 
Fully  Guaranteed 
Overnight  Delivery 


■  ■■ 


$»  h.bia  Espanol 
Wir  sprechen  Doutsch 


800.451.3407 


slilian  Drive.  Suite  110,  Santa  Barbara.  CA  93117 


Routers 
Switches 
Interface  Modules 
Access  Servers 
Accessories 


www.networkhardware.com 

BUY  ONLING 


NGTWORK  HARDWARE  RESALE 


Network 
Test  Tool 


PDA  Based! 


s699 


(FREE  Palm  ml05 
included) 


10/100  Ethernet  LAN  Tester 

Design  Engineers: 

Evaluate  &  test  new 
equipment  under 
development 
Network  Engineers: 

Determine  faulty 
NIC  cards,  wiring,  & 
network  equipment 

►  Displays  network  utilization,  packets 
&  statistics 

►  Captures  &  generates  various  error 
packets 

►  Network  load  testing  function 

►  Full  auto  negotiation  &  DHCP  ready 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


FIBER  OPTIC 

InfiniBand 

FOR  SERVERS 

PCI-X,  2  PORTS  @  10  GBPS 

HIGH-SPEED  LINKS 

TO  300  METERS 

PMC  BOARDS  AVAILABLE 
FOR  CompactPCI 


First  Star  Networks 


Tel:  781-899-6400 
www.FlrstStarNetworks.com 


riiiti 


4mm 


CISCO  NORTEL 


UP  TO  85%  OFF 

CURRENT  TECHNOLOGY 

NEW  •  REFURB  /  BUY  •  SELL 


THIS  MONTH'S  HOT  SPECIALS 

Passport  8648TX  Enterprise  Routing  Switch  Module  (Refurbished) 

48  port  autosensing  10BASE-T/100BASE-TX  Ethernet  Layer  switching  interfaced 

Special  $4,800 

Cisto  2924-CXL  (Refurbished) 

22  Port  10/100  Ethernet  Switch  S  2  Ports  B-FX 

Special  $675 

While  Supplies  Last 

ASN2  Base  Unit  32  M  48V  Redundant  Power  (Refurbished) 

Special  $895 

16  MB  Nortel  Compatible  PCMCIA  Flash  Card 

Special  $225 

NLE  OFFERS  FREE  LIFETIME  TECHNICAL  SUPPORT 

SPECIALS  EXPIRE  11/15/02 

NEW-USED 
WE  BUY-WE  SELL 


Cisci  Systems 


caaeTRon 

_ systems 


LEGACY/DISCONTINUED 
PRODUCTS  SPECIALISTS 
OUR  20TH  YEAR! 

ERGONOMIC  ENTERPRISES,  Inc 
47  WERMAN  CT. 
PLAINVIEW  NY  11803 
1-877-4LAN-WAN  (452-6926) 
Int'l:  001-516-293-5200 
fx  516-293-5325 
www.4lanwan.com 

rich@4lanwan.com 


grafsa 


£ 


We  sell,  buy.  and  lease  the  best  new  and  refurbished  networking 
equipment  and  systems  at  the  lowest  prices  anywhere. 

Isn't  it  about  time  you  nude  the  smart  choice? 

Trust  the  Experts -  we  Specialize  In. . . 

Cisci)  Swims 


.Continental 

Computers  Since  1984 


BflSSODO 


Authorised  COMPAQ. 

Alpha  SYSTEMS 

The*#  logo*  are  a  nademart  ot  trm  raaoecave  oomoarwa  a no  MnacM 


www.conticomp.com  •  310.416.1200 


Systems/Feotures/Memory 


EQUIPMENT 


Also  Available:  wellfleet,  Bay,  Fore, 
Xylogics,  Livingston,  &  Ascend 

In  Stock  •  Fast  Delivery  •  No  Expedite  Charges 

COMSTAR,  INC. 

The  #1  Network  Remarketer 

952*835*5502 

Fax  952*855*1927  E-Mail:sales@comstarinc.com 


NORTEL 

NETWORKS 


3S 


caaeTRon 


#  Bay  Networks 


NATIONAL  LAN  EXCHANGE  •  WWW.NLE.COM 


ecure  Your  Future. 


© 


careers.com 


IT  CAREERS 


© 


careers 


. -  i  . . . 

Powerhouse 

Programmer/Analyst 

With  a  minimum  of  2  years  Powerhouse 
experience  to  design,  program  &  test  customer 
modifications  to  our  Software  applications. 
Must  have  extensive  experience  with  Power¬ 
house  QUICK,  QUIZ  and  QTP.  Ability  to  work 
with  minimum  supervision  &  interface  closely 
with  customers.  Experience  with  Import/ 
Export  Software  desirable.  Bachelor's  degree, 
in  Computer  Science  or  equivalent  work 
experience.  Salary  $75K.  Send  2  copies  of 
resume  to:  Job  Order  #2002-267,  PO  Box 
989,  Concord,  NH  03302-0989 


Software  Engineer 

Designs,  develops  &  implements 
soft,  systems  using  IBM  main¬ 
frames  &  related  software.  Must 
have  Bachelors  in  comp,  sci., 
comp,  appl.,  math,  physics,  or 
eng.  plus  one  yr.  exp.  as  soft, 
eng.  or  as  a  comp.  prof,  as  well 
as  one  yr.  of  prof.  exp.  w/  Unix, 
VAX/VMS,  RMS  dbase,  COBOL, 
JCL  &  IBM  3090  mainframe.. 
$65,000/yr.,  F/T,  hrs  vary.  Send 
resumes.to  Armstrong  Cty  Team 
PA  Careerlink.,  Attn:  Mgr.,  1270 
N.  Water  St.,  PO  Box  759, 
Kittanning,  PA  16201-0759.  Ref¬ 
erence  Job  Order  #  WEB 
279733. 

Controller-  Interwise,  Inc.  has 

immediate  careers  opportunities 

for  talented  people  with  appro¬ 
priate  experience  to  work  in 

our  Boston  office.  Financial 

Controller,  North  America. 

Requires  B.A./B.S.  in  Bus.  Admin. 

or  Accounting,  and  5-7  years 

experience  in  the  Accounting 

/Auditing  field.  Send  resume  to: 

Interwise,  2334  Walsh  Ave., 

Santa  Clara,  CA  95051,  attn: 

HR;  or  fax  to  408-748-781 8. 

UNIX  Administrator:  Saiven  Info 
Links.  Inc.  one  of  the  fastest 
growing  IT  service  companies 
requires  an  UNIX  Administrator 
to  provide  all  UNIX  administration 
tasks  including  UNIX  scripting, 
TCP/IP  network  protocols  and 
maintaining  of  Sun/Solaris  Ultra 
enterprise  servers.  SAP  ERP 
and  new  dimension  servers. 
Needs  a  Masters  in  CS  or  any 
related  degree  combined  with  1 
+  years  experience  or  Bachelors 
with  5  years  experience  as  a 
software  engineer.  Please  send 
resumes  to  Saiven  Info  Links, 
Inc.,  Human  Resources,  9801 
Meadowglen  Lane,  Suite  #193, 
Houston,  TX  77042. 

Prog/Analysts  to  analyze,  design, 
maintain  web  appls  using  C, 
C++,  Java,  HTML  etc;  design/ 
develop  custom  appls  in  a  client 
server  environment  using  Oracle, 
PL/SQL,  Dev  2000,  under 
Windows  NT, UNIX  OS;  provide 
on  site  maintenance  support  to 
clients  such  as  debugging,  mod¬ 
ifications,  fine  tuning  and  code 
optimization.  Require  BS  or  foreign 
equiv  with  cone,  in  CS  or  Engg 
(any  branch)  &  2  yrs  exp  in 
IT.  High  salaries,  F/T.  Travel 
involved.  Apply  to:  HR,  Smartsoft 
International, Inc.  4898,  South 
Old  Peachtree  Rd,  Norcross,  GA 
30071 

Comp.  Sys  Enng-Develop  and 

design  software  applications  for 

business  systems  utilizing  VB, 

Oracle  7.3,  APACHI  and  Web 

Logic  Servers.  F/T;  Min  2/yrs 

exp.  in  job  offered  or  2/yrs  exp. 

reltd  position  with  same  duties 

and  A.S.  in  Math,  Physics,  CIS. 

or  reltd  field.  Exp.  ref.  required. 

Contact:  Aaxis  Systems,  1983 

Lake  Shadow  Way,  Suwanee, 

GA  30024. 

Computers-Sr.  Technical  Archi¬ 
tects,  Project  Mgrs.  needed. 
Seeking  qual.  cand.  possessing 
MS/BS  or  equiv.  and/or  rel.  work 
exp.  Part  of  the  exp.  must  include 

2  yrs.  working  with  Java,  XML 
and  BaanERP.Work  with  3  of  the 
following:  Java,  XML,  BaanERP, 
Baan  OpenWorld,  VB.  Integration 
exp.  with  BaanERP  is  preferred. 
Must  be  willing  to  travel  as 
req'd.  Fwd.  resume  &  ref.  to: 
e-Emphasys  Tech.,  Attn:  HR, 
219  E.  Chatham  St„  #102,  Cary, 
NC  27511. 

Database/Web  Engineer--exp  in 
web  server  based  applic,  dsgn, 
dvlpmt,  troubleshoot,  fine  tuning 
&  admin.  Familiar  w/GUI  inter¬ 
face,  trilogy  object  modeling, 
EJB,  shell  scripting,  UML,  J2EE, 
OOA/OOD,  C++,  Java,  Oracle  8i 
&  UDB  d/base  websphere  a 
ppllc.  Familiar  w/project  mgmt  for 
fln'l  &  HR  industry  &  CISCO 
router  BSc/BEng  w/2  yrs  exp. 
40hrs  8a-5p.  Send  resume  to  Ms 
Nath.  Nextech  Group,  Inc,  15 
New  Dover  Ave,  Coionia,  NJ 

07067. 

Manager 

Amazon  Technologies  Co.,  a 
leading  developer  of  sophisticated 
air-traffic  management  systems, 
seeks  a  Business  &  Product 
Development  Manager.  Must 
have  MS  in  Engineering  or  related 
field  and  6  yrs  exp.  in  software 
engineering.  Experience  w/real 
time  systems  &  distributed  tech., 
IEEE/EIA  12207  and  Mil  STD- 
498  standards,  and  Portuguese 
fluency  are  required.  To  apply, 
send  resume  and  cover  letter  to: 
Attn:  Felipe  Rocheleau.  Amazon 
Tech.,  500  West  Cummings 
Pkwy,  Suite  5500,  Woburn.  MA 
01801.  Must  have  unrestricted 
authorization  to  work  in  the  United 
States. 

Sr.  Network  Management  Soft¬ 
ware  Engineer,  Portsmouth,  NH: 
Design,  develop  &  test  secure, 
SSL,  web-based  user  interfaces 
&  services  in  support  of  network 
mngmnt  of  Company's  next  gen¬ 
eration,  protocol  agnostic,  con¬ 
verged  Fibre  Channel  &  Ether¬ 
net  switch,  that  is  to  be  deployed 
within  a  Storage  Area  Network 
(SAN);  develop  a  complete 
object-oriented  framework  utilizing 
backend  Linux  scripts  written  in 
TCL,  Perl  &  BASH  to  make 
SNMP  requests  for  dynamic  web 
page  creation  &  display  of  the 
mngmnt  &  configuration  data  for 
purposes  of  switch  services 
such  as  fault,  configuration,  ac¬ 
counting,  performance  &  security; 
work  individually,  as  well  as  within 
a  team  to  develop  a  distributed, 
high-availability  switch  framework 
solution  that  guarantees  an  in¬ 
dustry  stndrd  of  continuous  5 
nines  (99.999%)  uptime  of  the 
switch  &  its  srvcs;  develop  data¬ 
base  schemas  &  data  models  for 
purposes  of  design,  development 
&  test  of  standalone  SNMP 
Agents  through  which  the  web- 
based  user  interfaces  &  services 
can  expose  internal  switch  ser¬ 
vices  &  data.  Must  be  able  to 
utilize  XML,  DTD,  &  DOM  to  rep¬ 
resent  &  access  these  databases 
through  web  enabled  services; 
develop  a  distributed  web-based 
solution  for  concurrent  mngmnt 
of  multiple,  interlinked  Sandial 
switches;  Design  &  develop  web 
pages,  interfaces,  services  & 
applications  utilizing  XML,  DTD, 
DOM,  HTML,  HTTP,  DHTML, 
Javascript,  TCL  &  Java  for  the 
IIS  &/ or  Apache  web  servers; 
design  &  develop  multithreaded 
(Pthreads)  &  object-oriented 
user-interface  applications  &  Linux 
based  web-page  interfaces  & 
services;  participate  in  the  data 
modeling  of  the  switch  services 
mngmnt  data  for  use  in  develop¬ 
ing  a  DMTF/CIM  object-oriented 
mngmnt  database  schema  & 
framework  consisting  of  a 
CIMOM  process  that  translates 
XML  over  HTML/HTTP  requests 
into  switch  configuration  changes. 
Develop  XML,  DTD  &  DOM  doc¬ 
uments,  data  models  &  data¬ 
base  schemas  in  support  of  this 
data  modeling.  Supvr:  Manager, 
Software  Design.  Supervise  0 
staff.  Salary  $75,000, 40  hrs/wk, 
8:00  a.m.-6:00  p.m.  Educ.:  3  or  4 
yr  undergrad  degree  or  foreign 
equiv.  in  Computer  Science, 
Engineering,  Electronics  or  a  re¬ 
lated  technical  field.  Exp:  2  yrs  in 
job  offered  or  2  yrs  in  position 
developing  networking  &/or  en¬ 
terprise  network  mngmnt  solu¬ 
tions;  2  yrs  of  exp  with  the  fol¬ 
lowing:  Developing  database 
schemas  &  data  models;  IIS, 
TCLHttpd  &/or  Apache  web 
servers;  Development  of  multi¬ 
threaded,  object  oriented  appli¬ 
cations;  Development  of  web¬ 
page  interfaces  &  services;  DTD 
&  DOM;  Development  &  deploy¬ 
ment  of  software  applications  for 
use  in  a  SAN  environment;  & 
at  least  three  of  the  following 
technologies:  TCL,  Perl,  XML, 
DHTML,  HTML,  HTTP,  Java, 
JavaScript,  SSL.  Applicants 
must  send  two  (2)  copies  of  their 
resume/letters  of  application  to 
Job  Order  #2003-001 ,  PO.  Box 
989,  Concord,  NH  03302-0989. 


♦ 


Prog/Analysts  to  design,  develop 
and  implement  appls  using 

—COBOL,  CICS,  DB2,  JCL, 
Oracle,  Pro‘C,  C  on  Windows, 
UNIX  &  IBM  Mainframes;  perform 
DBA  duties  using  Sybase  Repli¬ 
cation  Server  or  perform  admin  on 
UNISYS  A-Series  environments; 

— C,  C++,  VB,  ASP,  COM,  DCOM, 
CORBA,  Oracle  and  SQL  Server 
on  Windows  and  UNIX  OS. 

conduct  user  requirement/feasi¬ 
bility  studies,  systems  analysis, 
maintenance,  documentation, 
support,  unit/system  testing  and 
debugging.  Require  BS  or  foreign 
equiv  in  CS/Engg  (any  branch) 
and  2  yrs  exp  in  IT.  High  salary, 
f/t.  Some  travel  required.  Resumes 
to  Salem  Associates,  Inc.  405, 
6th  Ave,  Ste  1 02,  Des  Moines,  I A 
50309 


SAP  Basis  Admin:  Samsung 

SDS  sks  SAP  Basis  Admin  w / 

knwldg  of  SAP  R/3,  CRM,  ESS, 

Portals.  EBPro,  ITS  &  Busi. 

Connector.  Dsgn  SAP  4.6B  sys 

arch  &  BW  sys  under  Oracle  on 

Unix  under  sup.  of  mgr.  Req:  BS 

in  CS  &  2  yrs  exp.  Send  res  to: 

Mr.  SA  Park  at  Samsung  SDS  1 5 

Corp.  PI.  S,  Piscataway,  NJ 

08854 

MANAGER.  Software  Research 

&  Development  sought  by  NJ 

based  Securities  Dealer.  Must 

possess  Master's  Degree  or 
equivalent  in  Computer  Science 

or  directly  related  field  and  4 

years  exp.  in  Software/systems 
development/design/research. 

Respond  to:  Human  Resources 

Department.  810TJXMC,  Knight 
Trading  Group.  Inc.,  525 

Washington  Blvd.,  Jersey  City, 

NJ  07310. 

Multiple  openings  for  software 
engineer/consultants,  programmer 
analysts,  project  engineer/man¬ 
ager,  program  mgr  (Biz  Dev). 
Some  positions  req  Bachelor  (or 
equiv.)  while  others  req  Masters 
(or  equiv.)  in  CS,  Engg,  Math, 

Bus  Admin  or  related  field.  We 

will  accept  the  foreign  edu.  equiv. 
&/or  its  equiv.  in  edu.  &  exp.  Exp. 
req.  will  depend  on  position.  Mail 
resumes  to  HR,  Harvard  Soft, 
605  Cardinal  Lane,  Tyngsboro, 

MA  01879. 

Systems  &  Requirements  Engi¬ 
neer  wanted  to  analyze,  design, 
develop  and  support  systems 
and  business  support  systems. 
Bachelor's  degree  or  equivalent 
in  a  Computer  related  field  and  a 
minimum  of  4  years  experience 
in  software  development.  Must 
also  have  at  least  1  year  of 
experience  inTIBCO  Rendezvous, 
TIBCO  Integration  Manager  and 
TIBCO  Message  Broker.  Please 
e-mail  resumes  to  Rebecca. 

a ustamente®  radianz.com 

(subject:  Code  311). 

Sr.  S/ware  Engr  wanted  by  a 
s/ware  develp  Co.  in  Sacramento, 

CA.  Will  devlp  and  customize 

Unify  s/ware  prod,  for  far  eastern 

Pacific-Rim  mkts.  Must  have 

Bach  deg  in  CS  or  Comp.  Engr. 
with  fluency  in  spoken  and  written 

Japanese  with  understanding  of 

Japanese  &  eastern  Asian  lang. 

character  code  sets.  Mail  resume 

to:  HR,  Unify  Corporation, 

201  Arena  Blvd.,  Suite  100, 

Sacramento,  CA  95834. 

Database/Web  Engineer-exp  in 
web  server  based  applic,  dsgn, 
dvlpmt,  troubleshoot,  fine  tuning 
&  admin.  Familiar  w/GUI  interface, 
trilogy  object  modeling,  EJB  & 
CMM  Level  2  security  expertise, 
UML,  J2EE  dsgn  sales  commis¬ 
sion  retail  distribution  using  Java, 
Oracle  &  UDB  d/base  websphere 
applic.  Familiar  w/IBM  Websphere 
version  4.x  for  insurance,  fin'l  & 
HR  industry.  BSc/BEng  w/5  yrs 
exp  or  MSc/MEng,  40hrs  8a-5p. 
Send  resume  to  Mr.  Raj  Bhator, 
KR  Info  Technology,  Inc,  215-18 
49th  Ave,  Bayside,  NY  1 1 364. 

Software  Test  Engineer,  Senior. 
TeamShare,  Inc.  is  seeking 
Senior  Software  Test  Engineer 
for  its  Colorado  Springs  location. 
Position  involves  design,  devel¬ 
opment,  and  testing  of  applica¬ 
tions  that  run  on  Windows 
platform  and  access  relational 
database  management  systems. 
Position  requires  Master's  in 
computer  science  or  related  field 
and  two  years  of  development 
experience  in  Windows  accessing 
RDBMS  using  Winrunner,  HTML 
and  SQL.  Apply  by  surface  mail 
only:  Attn:  Human  Resources 
Ref.  #0062002,  TeamShare,  Inc., 
1975  Research  Parkway,  Ste 
200,  Colorado  Springs,  CO 
80920 

Software  Engineer:  A  supplier  of 
world  class  circuits  to  world- 
known  PC  manufacturers  is 
seeking  a  Software  Engineer 
who  will  be  responsible  for 
developing  drivers  under  Win 
98/M  E/2000  that  will  handle  PnP 
messages  &  pass  WHQL  tests. 
Req'd:  Master's  degree  in  Engi¬ 
neering,  Computer  Science,  In¬ 
formation  Systems  or  related 
w/1  yr  exp  in  the  job  offered  or  as 
Application  Software  Developer. 
Exp  w/Win  OS  architecture,  MS 
SQL  Server  6.5,  Visual  BASIC 
&  C/C++.  Send  resume  to: 
Standard  Microsystems  Corp, 

1 1 000  N  Mopac  Exp,  Stonelake 
Bldg  6,  Austin,  TX  78759;  Attn: 
Rick  Karl. 

Systems  Analyst/Web  Designer. 

9a-6p.  40  hrs/wk.  Analyze  reqmts, 

recommend  dsgn,  organize/ 

categorize  info,  dvlp  navigational 

structures  analyzing  large  sets 

of  data  &  advanced  site  prgmg, 

work  w/  web/internet  prgmg  & 

digital  imaging.  Req:  Bach  or 

equiv  in  Comp  Sci  or  closely 

related.  Resume  to:  Madan  L. 

Dhamija,  Netkomp,  250  Amber 

Light  Ct.,  Henderson,  NV  89074. 

TAX  APPRAISAL  COLLECTION 

SOFTWARE  PROJECT  MAN¬ 
AGER  wanted  by  law  firm  in 

Houston,  TX.  Must  have  degree 

&  tax  appraisal  collection  SW 

development  exp.  Respond  by 

resume  only  to:  Ms.  Veronica 

Brown,  Linebarger  Goggan 

Blair  Pena  &  Sampson  LLP,  91 1 

Central  Parkway  N.,  Ste  200, 

San  Antonio,  TX  78232. 

where  the  best  get  better 


1-800-762-2977 


Anacon  has  openings  for  IT 
professionals  (SAW.  proiect  engi¬ 
neers.  programmer/system  ana¬ 
lysts).  Candidate  must  have  BS 
/MS.  One-year  exp.  is  a  minimum. 
Skills  in  areas  of  C.  COBOL. 
Oracle,  SQL.  Sybase,  DB2.  People 
Soft,  SQA.  VB  are  plus.  Contact 
anacon@anacon.com.  EOE. 

Computer  Professionals  (multiple) 
wanted  by  Bralak  Technologies 
(small  but  stable).  Candidates 
must  have  at  least  BS  degree  IT 
experience  in  Oracle,  Unix. 
C/C++.  SQL,  PL/SQL.  WebLogic. 
etc  is  a  plus.  Attractive  wage  with 
full  benefits.  Please  send 
resumes  to;  hr@bralak.com. 
EOE. 


Programmers  &  Developers: 
Design,  develop,  test  and  imple¬ 
ment  specialized  applications 
as  per  custom  specifications  in 
ERWIN,  Oracle  Web  Portal.  Data 
Junction,  Data  Warehousing, 
Datamarts  and  Cognos  Bl. 
Prevailing  wage/benefits.  Send 
resume  to  Mr.  Chinna  Rao, 
Bhargav  Computer  Consulting 
USA,  Inc.,  42  Read's  Way,  New 
Castle  Corporate  Commons, 
New  Castle.  DE  19720.  EOE. 


Portsmouth-based  internet  soft¬ 
ware  co.  seeks  Principal  Soft¬ 
ware  QA  Engineer  to  ensure 
engineering  integrity  of  software 
platforms/applications,  including 
database  administration/testing, 
design/implementation  of  soft¬ 
ware  testing  plans,  and  test  suite 
automation  for  Java  and  XML 
software  tools.  Must  have  Bach, 
in  Comp.  Sci.,  Elec.  Eng.  or 
equiv.;  3  yrs  exp.  in  software 
development  or  quality  assur¬ 
ance;  and  knowledge  of:  Java; 
Javascript;  JBuilder;  JDBC;  test¬ 
ing  of  graphical  user  interfaces; 
relational  database  systems 
such  as  Sybase,  Oracle,  DB2, 
and  MS-SQL  Server;  HTML; 
XML;  and  Windows.  Salary 
$82,700-$90,000/yr.  Submit  2 
resumes  to:  Job  Order  #2002- 
243,  P.O.  Box  989,  Concord,  NH 
03302-0989. 


SYSTEMS  ANALYSTS:  Systems 
On  Line  Inc.,  Houston  based 
company  requires  Systems 
Analysts  to  research,  analyze, 
design  and  develop  operational 
procedures  to  automate  pro¬ 
cessing  and  to  develop  new  sys¬ 
tems  to  improve  production. 
Knowledge  of  SAP,  Oracle,  and 
other  business  related  software 
is  essential.  Needs  a  Masters  in 
Engmeering/CS  or  in  any  related 
field  combined  with  1  years  rele¬ 
vant  experience  in  designing  and 
developing  computer  software 
systems  OR  Bachelor's  combined 
with  5  years  relevant  experience 
considered.  Please  send  resumes 
to  Mr.  Srinivas  Sonti,  Recruiter, 
Systems  On  Line,  Inc.,  7231 
Branford  Park  Ln,  Richmond,  TX 
77469. 


Programmer/Analyst  (Somerset. 
NJ)  Plan,  develop,  test  &  docu¬ 
ment  com-puter  software  using 
COBOL  II.  DB2,  VSAM,  IMS  DB/ 
DC.  MVS,  FILE-AID,  ENDEAVOR, 
PANVALET,  VIASOFT,  Insight, 
Platinum,  CA-ProEdit  &  JCL 
skills.  37.5  hrs/Wk,  9am-5pm,  $44 
/hr.  2  yrs'  exp  req'd.  Bachelor's 
degree/major  field  of  study: 
Comp  Sci.  Comp  Engg  or  Comm 
Engg.  Send  resume  to:  United 
Logic,  Inc,  1075  Easton  Ave. 
Tower  2,  Suite  9.  Somerset,  NJ 
08873. 


Become  a  IDicrosoft  Windows  2000  Security  Expert. 

It’s  easy.  Just  point,  dick  and  choose  the  format  that  works  best  for  you: 
•CD-ROIll  •Uleb-Based  •Hands-On  •Uirtual  Classroom 

Uisit  lletSmart  today  at  unuw.nwnetsmart.com 


■r-f,  ■  - 


(J)  careers.com 


IT  CAREERS 


Senior  Software  Engineer  - 
analyze,  design,  develop,  test  & 
implement  eGovernment  appli¬ 
cations  &  products  using  knowl¬ 
edge  of  &  experience  w/  Oracle 
&  MS  Acces  RDBMS,  Unix  shell 
script  Unix  utilities  (lex,  yacc,  awk), 
Java.  JavaScripts,  Java  Swing, 
JDBC,  DCOM,  Esterel,  MFC, 
Visual  C++  &  C  on  Unix  (Sun 
Solaris)  &  Windows  2000/NT; 
develop  object  model/use  cases 
&  class  diagrams  in  UML;  develop 
IVR  applications  using  VoiceXML; 
manage  on-site  &  remote  devel¬ 
opment  teams;  Requires:  Web 
&  Application  server  use  &  main¬ 
tenance  exp.;  BS  (or  MS)  in  com¬ 
puter  science  or  information 
systems  +  7  YR  related  exp.  (5 
YR  w/  MS).  Interested  candidates 
e:mail  resumes  to  kroehling© 
nicusa.com. 


Saras  has  openings  for  IT  pro¬ 
fessionals.  BS/MS  is  must.  Skills 
in  SAR  Baan,  Peoplesoft,  Oracle 
Apps,  Sybase,  AS/400,  VB,  PB, 
JAVA,  JavaScript,  PERL,  Cat, 
HTML,  XML,  C,  C++,  OOPS,  Web 
logic  &  Lotus  Notes  preferred. 
Also  want  Marketing  Executive, 
resume  @  sarasamerica.com 

Exlmware,  a  service  Co.  for  global 
agriculture  trade  markets,  is 
looking  for  Business/Sys.  Analysts 
&  S/W  Eng.  Min.  BS  with  1-yr 
exp.  required.  Key  skills:  s/w 
design,  dev.  and  testing,  proj 
mgt.,  OO  prog.,  java,  and  xml. 
Send  resumes  to;  careers® 
eximware.com.  EOE 


Programmer/Analyst  /  Software 
Art  Corp.,  a  software-consulting 
firm,  requires  software  profes¬ 
sionals  with  demonstrated 
hands-on  experience  in  the 
following:  Unix  System  Admins 
Sun/HP 

Client  Server:  MS  VB  .NET,  ASP 
.NET  C#/C++/0  racle/Sybase/Wi 
ndows/Unix  DBA:  Sybase/SQL 
Server 

Internet  Computing:  JAVA/CORBA 
/XML,  JAVAWebsphere/Weblogic 
QA  Testers:  Manual/Automated, 
JD  Edwards, 

SAS  Programmers  Send  resume 
to: 

Software  Art  Corporation 
2304  Brunswick  Ave, 
Lawrenceville  NJ  08648 
nicky@softwareart.com 


Computers-Sr.  Software  Engineers 
needed.  Zephyr  Assoc,  a  Zephyr 
Cove  based  NV  company  is 
seeking  qual.  candidates  pos¬ 
sessing  MS  or  equiv.  and/or 
relevant  work  exp.  Exp.  must 
include  1  yr.  working  with  C++, 
Win32  API  &  DBMS.  Develop 
&  design  investment  analysis 
software  applications  for  institu¬ 
tional  investment  industry.  Mail 
resume  &  references  to:  Zephyr 
Assoc.,  Attn:  HR,  P.O.  Box 
12368,  Zephyr  Cove,  NV  89448. 


Komputer  Plus  Peripherals,  Inc., 
in  Houston,  TX  has  6  positions 
avail  for  Computer  Support 
Specialists  to  provide  technical 
assistance/support;  resolve  tech¬ 
nical  difficulties  by  analyzing/ 
developing  applications  using 
Rational  Rose,  VisualAge  for 
Java,  Websphere  application 
server,  NT/SQL  Server,  System 
Development  Life  Cycle,  Struc¬ 
tured  Analysis  Methods,  Entity 
Relationship  Diagrams,  Process 
Decomposition,  Data  Flow  Dia¬ 
grams.  C++,  NT,  UNIX,  and  VMS 
OS.  Req.  Bachelor's  degree  in 
comp  sci/eng,  info  sys  or  rel  field 
and  18  mos  of  tech  support 
and/or  systems  admin  and/or 
programming  exp.  Resumes  to 
E.  Pascual,  11750  Wilcrest  Dr„ 
Houston,  TX  77099. 


Software  Engineer.  Work  Sched 
8:00AM-5:00PM  40  hrs/wk. 
S83.387.20  P/A.  Analyze,  pro¬ 
gram,  design,  modify,  code,  test 
&  implement  multi-tiered  client 
server  &  web  software  to  access 
database  in  Windows,  DOS, 
UNIX  &  mainframe  environ¬ 
ments.  Use  artificial  intelligence 
theory  &  Object  Oriented  ("OO") 
OOA  (Analysis),  OOP  (Program¬ 
ming),  OOD  (Development),  & 
OO  (Concept)  methodologies  & 
algorithms  to  analyze  manufac¬ 
turing  process  requirements  & 
design  applications  structures. 
Program  &  develop  software 
using  Java,  JDK,  AWT,  Applet, 
Swing,  Java  beans,  J2EE,  JDBC, 
RMI,  Multi-thread,  Serverlet, 
Websphere,  Kawa  &  VisualAge 
in  Windows,  DOS,  UNIX  &  dis¬ 
tributed  multi-tiered  Client/Server 
environment.  Also  apply  HTML, 
XML,  JavaScript  &  SQL  & 
JProbe.  Develop  artificial  intelli¬ 
gence  theory  &  find  concrete 
business  solutions  for  transac¬ 
tion  over  different  technical 
domains.  Research  &  develop 
applications  to  facilitate  total 
quality  management,  scheduling 
optimization,  plant  floor  process 
controls  &  real-time  monitoring 
&  feedback  to  reduce  vehicle 
production  times  &  lower  costs, 
including  during  manufacturing 
process  activities.  Master,  Com¬ 
puter  Science,  &/or  Computer 
Science  &  Engineering.  Six  mths. 
exp.  in  Job  or  Related  Occupation 
(s)  of  Engineer  or  Research  As¬ 
sistant,  Six  months  of  Related 
Occupation  experience  must 
include  using  artificial  intelli¬ 
gence  theory  &  OOA,  OOP,  & 
OOD  methodologies  to  design 
prototype  applications  systems, 
which  may  be  concurrent  with 
Related  Occupation  experience. 
Employer  Paid  Ad.  Send  resume 
to  MDCD,  P.O.  Box  11170, 
Detroit,  Ml  48202,  Ref.  No. 
202186. 


Special  Projects  Director  for 
company  located  in  Grand 
Prairie,  Texas.  40-hour  week, 
8a-5p,  Masters  or  foreign  degree 
equivalent  in  Computer  Science 
and  1  year  experience  as  a 
Systems  Analyst.  Supervise  1 
employee.  Responsible  for  IT 
project  management  including 
planning,  designing  and  imple¬ 
menting  technology  solutions  in 
order  to  reduce  production  costs 
and  increase  efficiency.  Fax 
resume  to  Human  Resources 
972-642-9987. 


Software  Engineers.  Exciting 
opportunity  for  experienced 
Software  Engineers.  Multiple  job 
openings.  Send  resume  to  Hyland 
Software,  Inc.,  28500  Clemens 
Rd„  Westlake,  OH  44145, 
Attention:  HR  Manager,  Req# 
SE-3-IGS,  or  on  line  to 
debbiec@onbase.com  w / 
Req#SE-3-IGS  in  subject  line. 


KBTS  Tech  is  looking  for  System 
/Quality  Analysts.  Install  and 
configure  Sun  Solaris  8/2.6  on 
Sun  E3500,  E450  Enterprise 
Servers  &  Sparc  workstations. 
Also  configure  I/O  devices 
(Ethernet,  SCSI  and  tape  drives) 
and  other  peripherals.  Minimum 
BS.  Apply  at  info  @  kbtstech.com. 
EOE 

Synergy  has  openings  for  IT 
professionals  or  engineers. 
Qualified  applicants  must  have 
BS/MS  with  1-year  experience. 
Strong  background  in  TCP/IP 
Suite,  Unix,  DB2,  Oracle,  VB. 
SQL,  IIS,  Window  NT  and  XML 
is  plus.  Send  resumes  to 
hr@synergycom.com.  Travel  is 
required.  EOE 


Senior  Business  Analysts:  Oracle 
Apps.  1 1  i,  PeopleSoft  8.0;  Apps 
DBAs:  Oracle  RDBMS  7.9i,  Oracle 
Apps.  1 1  i  upgrade,  cloning  & 
migration,  ERWIN,  SOL  Server 
RDBMS,  SQL  Server  2000/ 
7.0,  Oracle  Developer  2000/6i, 
Discoverer  4.4,  OFA  Express 
Server,  Omni  backup  HP  Open 
View  4.1/Measure  Ware  Agent, 
Veritas  Backup  Exec  7.0  Oper¬ 
ating  systems  Solaris  2.7/8,  HP-UX 
1 1/1 1  i,  Windows  NT/2000  plat¬ 
forms;  Senior  ERP  Programmer 
Analysts:  Oracle  PL/SQL,  De¬ 
veloper  2000/6i,  Designer  2000, 
Oracle  Apps  1 1  i  (modules-GL, 
AP,  AR,  FA,  PO,  INV,  OE/OM, 
HRMS,  Service,  OPM's  Manu¬ 
facturing,  Inventory,  OPM's 
Multibatch  Management,  C, 
C++,  Java  2,  Pro*C,  Visual  Gen 
2.2,  Functional  Experience; 
Senior  Proqrammer/Analvsts: 

Oracle  PL/SQL,  Oracle  9i/9iAS, 
Developer  2000/6i;  CRM  Pro- 
□rammer/Analvsts:  Siebel  suite 
incl.  Communications  2000,  Call 
Center,  Energy  '00,  Tools  7.0 
Oracle  CRM  31/1 1  i;  Senior 
DBAs:  Sybase  12.5,  Oracle 
database  9i.  Senior  Network 
Enaineers/Certified  Microsoft 

Trainers:  MCSE,  MCT  &  Cisco 
certifications.  Prevailing  wage 
/benefits.  Consulting  positions 
requiring  travel.  To  apply,  send 
resume  identifying  position(s) 
interested  to  HR,  BPO  Systems, 
501  Silverside  Road,  Suite  83, 
Wilmington,  DE  19809.  US 
Workers  Only.  EOE 


DIRECTOR, 
INFORMATION  AND 
TECHNOLOGY 
COUNTY  OF  MERCED 

The  County  of  Merced,  located 
in  Central  California,  seeks 
a  sophisticated,  experienced 
Director,  Information  and  Tech¬ 
nology  to  manage  a  budget  of 
$7.4  million  and  staff  of  45. 

Responsible  for  the  business 
operation  and  management 
of  the  countywide  mainframe 
computer,  local  and  wide  area 
networks,  telecommunication 
systems  and  emergency  9-1-1 
coordination.  In  addition  to 
strong  managerial  and  analytical 
skills,  candidates  should  have 
broad  and  extensive  experience 
in  the  management  of 
computer  information  and 
telecommunications  systems, 
including  a  minimum  of  3  years 
experience  at  a  senior  level  or 
full  supervisory  capacity.  Equiv¬ 
alent  to  graduation  from  a  four- 
year  college  with  major  work  in  a 
related  field  is  required 
(Master's  degree  desirable). 
Salary  to  $101,837  per  year, 
plus  excellent  benefits. 

To  apply,  send  cover  letter, 
indication  of  current  salary,  three 
work-related  references  and  re¬ 
sume  that  reflects  months  and 
years  of  beginning/ending 
dates  of  positions  held. 
Forward  your  materials  by 
November  4,  2002  to  Teri 
Black-Brann  at:  CSAC  HR  ADVI¬ 
SORY  SERVICES  241  Lathrop 
Way,  Sacramento,  CA  95815, 
Tel:  (916)  263-1401,  Fax:  (916) 
561-7205,  Email: 
resumes@cps.ca.gov 
www.cps.ca.gov/shannon 


Programmer  Analyst 
Manh,  NY-  Software/Sys.  Dev. 
firm  seeks  qualified  indiv.  to 
analyze,  develop,  revise,  test,  & 
fine-tune  multimedia  presenta¬ 
tions,  under  supervision,  for 
clients.  Req'd:  BS  in  CompSci  & 
1  yr  exp.  in  the  job  offered.  Must 
have  exp  in  Lingo,  SQL  &  Install 
Script.  Must  know  Macromedia 
Director  Software.  Pis  send  res 
to:  Cynthia  Carnesi,  Interactive 
Edge,  Inc.  1 8  W.  1 8th  Street,  5th 
FI.,  NY,  NY  10011 


PHILADELPHIA,  PENNSYLVA 


1  6  T  H  SYSTEMS 
ADMINISTRATION 
CONFERENCE  & 
TUTORIAL  PROGRAM 


NIA  NOVEMBER  3-8,  2002 


Strengthening  the  practice  of  system  administration 
through  technical  education,  training,  and  research 


■  Learn  practical 
techniques  to  improve  your 
IT  infrastructure  and 


lower  your  IT  costs. 


■  Keynote:  Jim 
Reese,  Chief 
Operations 
Engineer,  Google: 
Scaling  the  Web 


Sponsored  by  USENIX, 
association,  and  SAGE,  the  system  administrators  guild 


USENIX 

SAGE 


Elogex  has  an  opening  for  a 
Software  Engineer  (Senior). The 
qualified  candidate  will  coordi¬ 
nate  development  and  mainte¬ 
nance  of  computer  systems  uti¬ 
lizing  various  database  servers 
and  applications.  Responsibilities 
include  overseeing  analysis  of 
business  requirements  and 
development  of  detailed  specifi¬ 
cations  for  new  and  existing 
applications  of  the  Elogex  Net¬ 
work,  applying  information  engi¬ 
neering  and  structured  systems 
development  languages,  analyzing 
existing  software,  documentation 
and  current  processes  as  well  as 
overseeing  design,  testing,  in¬ 
stallation  and  documentation  of 
new  and  existing  programs.  Will 
be  responsible  for  maintaining 
existing  programs  and  working 
with  end-users,  coordinating  user 
training,  problem  resolution  and 
troubleshooting.  Minimum  re¬ 
quirements  are  a  B.S.  in  Computer 
Science,  7  years  of  experience 
in  software  development  and 
knowledge  of  Java  design/devel¬ 
opment,  HTML,  JSPs,  SQL,  in¬ 
terface  design  development  and 
XML/DTD  design  development. 
Please  submit  your  resume  to 
Elogex,  HR,  212  South  Tryon 
Street,  Charlotte,  NC  28281 . 


Several  computer  related  posi¬ 
tions  available  for  international 
airline  telecom  and  information 
services  company.  Degree,  tech¬ 
nical  skills  &  experience  vary  per 
position.  Send  resume  to 
Natasha  Lyttle,  SITA  INC,  3100 
Cumberland  Blvd.,  Ste  200, 
Atlanta,  GA  30339.  SITA  INC  is 
an  Equal  Opportunity  Employer. 


Business  Analyst 

Provide  technical  assistance  to 
client's  at  remote  locations.  Devise 
customized  IT  solutions  based 
on  product  knowledge  and 
capacity  and  a  client's  systems 
requirements.  Must  have  Bachelors 
Degree  in  Information  Systems 
or  CS  &  6  mos.  exp.  or  6  mos. 
exp.  in  a  related  position  w/ability 
to  use:  Unix,  AS/400,  Windows, 
C++,  Cobol,  Code  Modification 
and  Conflict  Resolution. 

40.0  hrs./wk  8:00  AM  -  6:00  PM 
$57,  450/Yr. 

Applicants  send  cover  letter 
and  resume  to: 

McCamish  Systems  LLC 
6425  Powers  Ferry  Road 
3rd  Floor 

Atlanta,  GA  30339 

Attn:  Donna  Perlmutter 


Cedar  Enterprise  Solutions,  Inc., 
a  software  consulting  and 
services  organization  has  an 
opening  for  a  Systems  Analyst. 
The  ideal  candidate  will  analyze 
user  requirements  and  design 
custom  views  for  users;  will 
design,  develop  and  maintain 
interfaces;  create  remote  data¬ 
bases,  maintain  servers  and 
systems  reports,  and  support  ex¬ 
isting  systems.  Responsibilities 
will  also  encompass  development 
and  implementation  of  new  and 
existing  applications  and  data 
conversion  processes.  Minimum 
requirements  are  a  Bachelors 
Degree  in  Computer  Science 
and  2  years  of  experience  in 
systems  analysis,  program  design 
and  development,  applications 
implementation  and  support  or4 
years  of  professional  experience 
in  systems  analysis,  program 
design  and  development,  appli¬ 
cations  implementation  and 
support.  Please  submit  your 
resume  to:  Cedar  Enterprise 
Solutions,  lnc./HR,  100  East 
Pratt  Street,  Baltimore,  MD  21 202. 


VegaStream,  lnc„  located  in 
Dublin  is  seeking  F/T  expd. 
Manager  of  Product  Support  to 
research,  design,  and  developing 
of  computer  software  systems,  in 
conjunction  with  hardware  product 
development.  Analyze  software 
requirements  to  determine  fea¬ 
sibility  of  design  within  time  and 
cost  constraints.  Consult  with 
hardware  engineers  and  other 
engineering  staff  to  evaluate 
interface  between  hardware  and 
software,  and  operational  and 
performance  requirements  of 
overall  system.  Formulate  and 
design  software  system,  using 
scientific  analysis  and  mathe¬ 
matical  models  to  predict  and 
measure  outcome  and  conse¬ 
quences  of  design.  Bachelor's 
degree  in  Computer  Science, 
competitive  salary.  Fax  resume 
to  Gina  (561)995-6027. 


System  Analyst  wanted  for  West 
Lebanon,  NH  company  to  perform 
day  to  day  mgmt.  of  web  based 
&  mobile  technologies;  projects 
involving  extensive  client  interaction 
for  system  reqts.;  analysis,  design 
&  architecture  of  solutions; 
prototype  develop.;  identif.  & 
develop,  of  middleware  compo¬ 
nents  such  as  COM,  JavaBeans, 
EJB;  database  design;  inter-team 
mgmt.;  project  mgmt.;  using 
tools  such  as  Visio,  IBM  Visual 
Age  for  Java,  Allaire  JRun, 
MQSeries  (XML  Messaging), 
Rational  Rose  981,  RDBMS  such 
as  Oracle  8.1,  SQL  Server,  MS- 
Project;  resource  planning  & 
mgmt.;  methodology  identif., 
eval.  &  adoption,  process  definition 
&  implementation;  post  implemen¬ 
tation  support.  Resp.  for  mgmt.  of 
projects,  defining  methodology  & 
processes,  managing  developers 
&  strategic  planning.  Must  have 
Bach.  deg.  in  Comp.  Sci 
Electronic  Eng  or  Math,  &  2  yis. 
exper.  40,/hr/wk.  371,000/yr. 
Send  2  resumes  to  Job  Order  I 
#2002-1 69,  RO.  Box  989.  Coocoi  J. 
NH  03302-0989 
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Safes  Offices 
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Carol  Lasker.  Associate  Publisher/Vtce  President 
SlK  Jar>»;  //eissman.  Sales  Operations  Coordinator 
Internet:  clasker,  jweissman@nww.com 
fSOfi)  4G0-3333/FAX:  (508)  480-1237 


Hew  York/New  Jersey 

Tcm  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco.  Regional  Sales  Manager 
Aimee  Jacobs.  Sales  Associate 
Internet  tdavia,  elisas,  ajacobs@nww.com 
T201)  587  0090/FAX:  (201)  712-9786 _ 

Northeast 

Donna  Pomponi,  Regional  Sales  Manager 
Kathryn  Zinn,  District  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dpomponi,  kzinn,  chorgan@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


3jj|) 


Mid-Atlantic 

Jacqui  DiBianca,  Regional  Sales  Manager 
Marta  Hagan,  Sates  Assistant 
Internet:  jdibian,  mhagan@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 


Midwest/Maryland 

Eric  Danetz,  Senior  District  Manager 
Aimee  Jacobs,  Sales  Associate 
Internet:  edanetz,  ajacobs@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 

Central 

Dan  Gentile,  Midwest  Regional  Director 
Grade  Vela,  Sales  Assistant 
Internet:  dgentile,  gvela@nww.com 
(512)  249-2200/FAX:  (512)  249-2202 

Northern  California 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Miles  Dennison,  Regional  Sales  Manager 
Sean  Weglage,  Senior  District  Manager 
Teri  Whitehair,  Office  Manager/Exec.  Asst. 

Berit  Einsiedl,  Sales  Assistant 

Internet:  skupiec,  mdennison,  sweglage,  twhitehair 

beinsiedl@nww.com 

(650)  577-2700/FAX:  (650)  341-6183 _ 

Northwest/Rockies 

Karen  Wilde,  Regional  Sales  Manager 

Lara  Greenberg,  Regional  Sales  Manager 

Kim  Gaffrey,  District  Manager 

Internet:  kwilde,  Igreenberg,  kgaffrey@nww.com 

(650)  577-2700/FAX:  (650)  341-6183 _ 


Southwest 

Becky  Bogart  Randall,  District  Manager 
Angela  Norton,  Sales  Assistant 
Internet:  brandell,  anorton@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 

Southeast 

Don  Seay,  Regional  Sales  Manager 

Caitlin  Horgan,  Sales  Assistant 

Internet:  dseay,  chorgan@nww.com 

(404)  845-2886/FAX:  (404)  250-1646 _ 

Custom  Publishing 

Shaun  Budka,  Custom  Media  Solutions  Manager 

Internet:  sbudka@nww.com 

(508)  460-3333/FAX:  (508)  460-1237 _ 


Fusion 

Alonna  Doucette,  Vice  President  Online  Development 
James  Kalbach,  Director,  of  Online  Sales 
Stephanie  Gutierrez,  Online  Account  Manager 
Debbie  Lovell,  Online  Account  Manager 
Kristin  Baker,  Sales  Operations  Manager 
Internet:  adoucette,  jkalbach,  sgutierrez,  dlovell, 
kbaker@nww.com 

(610)  341-6025/FAX:  (610)  971-0557 _ 


MARKETPLACE 

Response  Card  Decks/MarketPlace 

Richard  Black,  Director  of  Marketplace 
Karima  Zannotti,  Senior  Account  Manager 
Enku  Gubaie,  Senior  Account  Manager 
Amie  Gaston,  Account  Manager 
Sharon  Stearns,  Sr.  Media  Dev.  &  Operations  Mgr. 

Chris  Gibney,  Sales  Operations  Coordinator 
Internet:  rblack,  kzannott,  egubaie,  agaston, 
ssteams,  cgibney@nww.com 
(508)  460-3333/FAX:  (508)  460-1192 

IT  CAREERS 

VP/General  Manager,  Janis  Crowley,  East  Regional  Manager, 
Deanne  Holzer,  Midwest/West  Regional  Manager,  Laura 
Wilkinson,  Operations  Director,  Donna  Kent,  Advertising 
Coordinator,  Leilani  Lopez,  Sales  Support.Tma  Silveira,  Sales 
Support,  Nikki  Wilson  (800)  762-2977/FAX:  (650)  286-2770 


■  Network  World.  Inc. 

118Tumpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STUFF 

firstname_lastname@nww.com 

EvileeThibeault  CEO/Publisher 

John  Gallant,  President/Editorial  Director 

Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE/BUSINESS  SERVICES 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Mary  Kaye  Newton,  Billing/AP  Coordinator 

Frank  Coelho,  Senior  Manager,  Business  Services 

LisaThompson,  Business  Services  Administrator 

Mark  Anderson,  Business  Services  Supervisor 

Kevin  McMillen,  Business  Services  Coordinator 

HUMAN  RESOURCES 

Elizabeth  Price,  Director  of  Human  Resources 
Eric  Cormier,  Human  Resources  Representative 

MARKETING 

TerryAnn  Croci,  Senior  Director  of  Marketing 

Barbara  Sullivan,  Senior  Research  Analyst 

Nancy  Petkunas,  Prod.  Marketing  Mgr.  Events/Online 

Judy  Schultz,  Senior  Graphic  Designer 

Cindy  Panzera,  Graphic  Specialist 

GLOBAL  PRODUCT  SUPPORT  CENTER 

Nancy  Parquette,  Sr.  Production  Marketing  Manager 

Print/GPSC 

ADVERTISING  OPERATIONS 

Karen  Wallace,  Senior  Director  of  Advertising  Operations 
Maro  Eremyan,  Advertising  Coordinator 
Veronica Trotto,  Advertising  Coordinator 
Cara  Peters,  Direct  Response  Ad  Coordinator 

PRODUCTION 

Ann  Finn,  Senior  Production  Director 
Greg  Morgan,  Senior  Production  Manager 
Mike  Guerin,  Senior  Print  Buying  Supervisor 
JamiThompson,  AdTraffic  Coordinator 

CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Darcy  Beach,  Circulation  Operations  Manager 
Bobbie  Cruse,  Subscriptions  Manager 
Mary  Mclntire,  Senior  Marketing  Specialist 

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

Bob  Wescott,  Distribution  Manager/(508)  879-0700 
IDG  LIST  RENTAL  SERVICES 

Paul  Capone,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

(800)  343-6474/(508)  370-0825,  FAX:(508)  370-0020 

SEMINARS  AND  EVENTS 

Robin  Azar,  Vice  President  of  Events 

Michele  Zarelia,  Director,  Events  Business  Development 

Sandra  Gittlen,  Events  Editor 

Betty  Amaro- White,  Event  Finance  Manager 

Neal  Silverman,  Senior  Director  of  Event  Sales 

Andrea  D'Amato,  Sales  Director/Strategic  Partnerships 

Kristin  Ballou,  Senior  Event  Sales  Manager 

Sandy  Weill,  Event  Sales  Manager 

Maureen  Riley,  Event  Sales  Manager 

Judy  Tyler,  Sales  Operations  Specialist 

Debra  Becker,  Dir.,  Marketing  &  Audience  Development 

Kristin  Wattu,  Senior  Marketing  Specialist 

Sean  Landry,  Web  Producer 

Timothy  Johnson,  Marketing  Coordinator 

Jill  Keaveney,  Senior  Event  Planner 

Tim  DeMeo,  Event  Coordinator 

ONLINE  SERVICES 

Alonna  Doucette,  V.P.,  Online  Services 

Hillary  Freeley,  Director,  Online  Audience  Development 

Deborah  Vozikis,  Online  Production  and  Design  Manager 

Adam  Gaffin,  Executive  Editor,  Online 

Melissa  Shaw,  Managing  Editor,  Online 

Jason  Meserve,  Multimedia  Editor 

Sheryl  Hodge,  Online  Copy  Chief 

Christopher  Cormier,  Web  Producer 

INFORMATION  SYSTEMS 

W.  Michael  Draper,  V.  P.  Systems  ATechnology 
Anne  Nickinello,  Director  of  New  Media  Services 
Tom  Kroon,  Senior  Software  Engineer/Architect 
William  Zhang,  Senior  Software  Engineer 
Rocco  Bortone,  Senior  Network  Manager 
Peter  Hebenstreit,  Network  Specialist 
Kevin  O’Keefe,  Systems  Support  Manager 
Brian  Wood,  Senior  Systems  Support  Specialist 
Puneet  Narang,  Manager  of  Database  Technologies 
Pam  Gertsios,  Database  Specialist 


These  indexes  are  provided  as  a  reader  service  Although  every  effort  has 
been  made  to  make  them  as  complete  as  possible,  the  publisher  does  not 
assume  liability  lor  errors  or  omissions. 
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Publicize  your  press  coverage  in  Network 
World  by  ordering  reprints  of  your  editorial 
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Preparing  for  the  worst 

Regulators  are  devising  new  disaster-recovery  rules 

for  financial  institutions.  Among  the  proposals: 

•  Organizations  engaged  in  "core  clearing  and  settlement” 
should  be  able  to  resume  business  within  two  hours. 

•  Those  processing  transactions  or  communicating  changes 
in  customer  positions  should  be  able  to  recover  within  the 
business  day. 

•  Primary  sites  and  back-up  facilities  should  be  at  least  200 
miles  apart. 

•  Institutions  should  design  cross-organization  tests  to  assure 
compatibility. 


Fed 
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$1 1  billion  financial  services  firm. 

The  Fed  acknowledges  its  ideas 
on  regulating  disaster  recovery 
will  add  costs  —  how  much  re¬ 
mains  unclear  —  and  even  fun¬ 
damentally  change  how  financial 
firms  organize  their  central  office 
and  back-up  operations. 

The  Fed  has  summarized  its 
desire  for  new  regulations  in  a 
document  titled  “The  Draft  Inter¬ 
agency  White  Paper  on  Sound 
Practices  to  Strengthen  the  Re¬ 
silience  of  the  U.S.  Financial  Sys¬ 


tem.”  Comments  on  it  are  due  to¬ 
day,  and  banks  expect  the  pro¬ 
posals  it  contains  to  become  reg¬ 
ulations  by  year-end. 

In  the  wake  of  the  Sept.  11 
attacks,  Wall  Street  trading  was 
halted  for  a  week,  and  the  Fed 
acknowledges  that  network  and 
data  back-up  plans  proved  in¬ 
adequate,  creating  a  multibillion- 
dollar  payments  breakdown 
among  the  closely  interconnect¬ 
ed  systems.  Federal  Reserve  Vice 
Chairman  Roger  Ferguson  is  ad¬ 
vocating  new  rules  that  would  re¬ 
quire  banks,  brokerages  and 


■  Network  World  11a  Turnpike  Road, 
Southborough,  MA  01772-9108,  (508)  460-3333. 

Periodicals  postage  paid  at  Southborough, 
Mass.,  and  additional  mailing  offices.  Posted 
under  Canadian  International  Publication  agree 
ment  #40063800.  Network  World  (ISSN  0887-7661) 
is  published  weekly,  except  for  a  single  combined 
issue  for  the  last  week  in  December  and  the  first 
week  in  January  by  Network  World,  Inc.,  118 
Turnpike  Road,  Southborough.  MA  01772-9108. 

Network  World  is  distributed  free  of  charge  in 
the  U.S.  to  qualified  management  or  professionals. 

To  apply  for  a  free  subscription,  go  towww.sub- 
scribenw.com  or  write  Network  World  at  the 
address  below.  No  subscriptions  accepted  with¬ 
out  complete  identification  of  subscriber's  name, 
job  function,  company  or  organization.  Based  on 
the  information  supplied,  the  publisher  reserves 
the  right  to  reject  nonqualified  requests. 
Subscriptions:  1-508-490-6444. 

Nonqualified  subscribers:  $5.00  a  copy:  U.S.  - 
$129  a  year;  Canada  $160.50  (including  7%  GST. 
GST#  126659952);  Central  &  South  America 
$150  a  year  (surface  mail);  Europe  $205  a  year 
(surface  mail),  all  other  countries  $300  a  year 
(airmail  service).  Four  weeks  notice  is  required 
for  change  of  address.  Allow  six  weeks  for  new 
subscription  service  to  begin.  Please  include 
mailing  label  from  front  cover  of  the  publication. 


other  regulated  financial  firms  to 
be  able  to  resume  business  with¬ 
in  hours  in  the  event  of  a  disaster. 
Other  proposals  include  requir¬ 
ing  financial  firms  to  test  back-up 
systems  with  their  trading  part¬ 
ners,  and  duplicate  data  center 
and  business  operations. 

“The  events  of  Sept.  11  graphi¬ 
cally  demonstrated  the  interde¬ 
pendence  among  financial-sys¬ 
tem  participants,  wherever  lo¬ 
cated,”  Ferguson  said  during  a 
recent  meeting  of  the  Institute 
of  International  Bankers  in  Wash¬ 
ington,  D.C. 


Back-up  systems  not  tested 

The  Fed  discovered  that  many 
financial  firms  in  the  New  York 
area  had  not  tested  their  data  and 
telecommunications  back-up  sys¬ 
tems  before  Sept.  11.  Few  had 
planned  for  the  magnitude  of  the 
destruction,  with  offices  and 
telecommunications  circuits  ob¬ 
literated.  In  addition,  the  commer¬ 
cial  “hot  site”  providers  with 
which  the  financial  firms  had 
contracted  were  turning  cus¬ 
tomers  away  because  of  the 
demand. 

This  meant  that  critical  finan- 
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cial  information  couldn’t  be 
shared  electronically,  and  the 
domino  effect  led  a  multibillion- 
dollar  “liquidity  bottleneck”  so 
severe  that  the  Fed  was  forced  to 
lend  large  amounts  directly  to 
institutions  and  provide  billions 
more  in  payments  on  uncleared 
checks.  The  Federal  Reserve  staff 
even  stepped  in  to  set  priorities 
for  the  restoration  of  key  tele¬ 
communications  circuits. 

Ferguson  declined  to  discuss 
the  possible  new  regulations,  but 
public  documents  and  banking 
insiders  provide  a  clear  picture  of 
the  direction  under  way 

In  February,  Ferguson  sum¬ 
moned  two  dozen  of  the  largest 
financial  firms,  including  Citi¬ 
group,  Bear  Stearns,  Goldman 
Sachs,  Mellon  and  Merrill  Lynch, 
to  confer  with  the  Federal  Re¬ 
serve  banks  and  other  regulatory 
agencies,  including  the  New  York 
State  Banking  Department  and 
the  Securities  and  Exchange 
Commission.The  Fed, the  SEC, the 
Treasury’s  Office  of  the  Comp¬ 
troller  of  the  Currency  and  the 
New  York  State  Banking  Depart¬ 
ment  jointly  released  the  draft  of 
the  proposed  disaster-recovery 
regulations  in  late  August. 

Recovery  in  two  hours 

This  draft  suggests  new  rules 
requiring  two-hour  restoration 
and  recovery  and  industrywide 
testing  among  banks  and  their 
customers.  In  the  document,  the 
Fed  suggests  that  banks  prepare 
for  massive  telecommuting  as 
backup;  a  separation  of  primary 
and  back-up  sites  by  at  least  200 
miles;  and  planning  for  a  “split- 
operations”  approach  that  would 
duplicate  employee  and  data 
center  installations  rather  than 
have  a  central  operation  and  a 


Novell 
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hitting  on  a  pain  point  for  many 
large  companies. 

“Identity  is  not  just  a  name,”  says 
Jamie  Lewis,  president  and  re¬ 
search  directory  of  Burton  Group. 
“It  includes  all  of  the  attributes, 
credentials  and  policies  that 
allow  that  ID  to  do  something  on 
the  network.” 

Novell  is  seizing  on  that  idea  as 
it  tries  to  rally  its  products  to  do 
battle  with  IBM,  Microsoft  and 
Sun,  which  recently  acquired  pro¬ 
visioning  vendor  Access360.  It 
also  faces  competition  from  Cour- 
ion,  which  offers  an  identity-man¬ 
agement  suite,  and  a  host  of  point 
products  from  Business  Layers, 
Netegrity  Oblix  and  RSA  Security. 


secondary  backup. 

Some  see  the  proposals  as 
daunting. 

“The  impact  of  this  is  huge,”  Sky 
Financial  Group’s  Hugenberg 
says.“My  bank  trades  with  a  bank 
in  Chicago,  for  instance. The  Fed’s 
white  paper  says  that  the  bank  in 
Chicago  needs  to  be  able  to 
recover. This  is  the  first  time  we’ve 
heard  we  should  be  testing  with 
outside  firms.” 

Hugenberg  says  many  in  the 
banking  industry  expect  to  see 
new  regulations  by  year-end,  lead¬ 
ing  to  an  overhaul  of  the  way 
banks  typically  design  backup 
and  recovery.  Today,  it’s  often 
assumed  that  employees  will  tra¬ 
vel  a  short  distance  to  a  “hot  site” 
or  alternate  facility  if  need  be.  But 
the  Fed  guidelines  will  promote 
more  geographically  dispersed 
operations  in  which  financial 
firms  would  hire  employees  to 
duplicate  functions  done  else¬ 
where.  That  way,  if  one  office  is 
wiped  out,  staff  in  an  alternate 
office  would  be  able  to  continue 
operations. 

“Before  Sept.  11,  we  didn’t  look 
at  our  business-recovery  plan  as  it 


“In  the  past  when  we  thought  of 
ID  management,  we  thought 
about  it  as  individual  pieces,” says 
Gary  Hein,  Novell’s  vice  president 
of  product  architecture.  “Now  we 
are  creating  an  overall  solution 
around  ID  management  that  lets 
you  create,  delete,  maintain  and 
self-manage  identities  and  then 
control  how  you  apply  those  IDs 
to  access  resources  such  as  mail, 
files  and  applications.” 

Hein  says  Novell’s  strength  in  the 
directory  market  provides  a  cor¬ 
nerstone  for  tying  it  all  together. 

“Only  Novell  and  IBM  have 
complete  solutions  for  ID  man¬ 
agement,  and  Novell  has  a  pretty 
good  suite,”  says  John  Enck,  an 
analyst  with  Gartner.  “Their  big¬ 
gest  obstacle  is  going  to  be  over¬ 
coming  the  name  Novell.”  ■ 


related  to  human  impact,”  Hugen¬ 
berg  says.  “Now  we’re  looking  at 
where  people  are,  and  will  they 
be  too  distraught  to  work?  Or 
simply  no  longer  be  around?” 

Several  Fed  documents  pub¬ 
lished  since  Sept.  11  reveal  the 
banks’  concern  that  telecom  car¬ 
riers,  which  are  regulated  by  the 
Federal  Communications  Com¬ 
mission,  are  sometimes  the  weak 
link  in  the  disaster-recovery  chain. 

“Telecommunications  vulnera¬ 
bilities  are  still  seen  as  a  signifi¬ 
cant  source  of  concern,”  the  Fed 
report  said.  “There  is  concern 
that  even  the  telecommunica¬ 
tions  companies  do  not  have  the 
information  they  need  to  pro¬ 
vide  assurances  to  financial 
institutions. 

“Many  firms  believed  they  had 
achieved  redundancy  in  their 
communications  systems  by 
making  arrangements  with  multi¬ 
ple  telecommunications  provid¬ 
ers  or  by  contracting  for  diverse 
routing, only  to  discover  that  all  of 
the  lines  traveled  through  any  of 
now  well-known  single  points  of 
failure,”  the  report  said. 

A  source  at  Merrill  Lynch,  who 
asked  not  to  be  identified, said  his 
firm  made  this  painful  discovery 
Sept.  1 1 . 

“Verizon  was  our  single  point  of 
failure,  and  we  just  had  no  idea 
this  was  the  case,”  he  says. 

Some  carriers,  including  Verizon 
and  AT&T,  contend  they  have 
made  the  effort  not  only  to  re¬ 
build  destroyed  facilities  in  New 
York  but  to  reinforce  circuit  re¬ 
dundancy.  AT&T  spokeswoman 
Claudia  Jones  says  AT&T  is  in  dis¬ 
cussion  with  the  Fed  about 
its  plans. 

The  Fed  wants  to  organize  the 
banking  industry,  the  12  Federal 
Reserve  banks  and  the  telecom 
industry  to  conduct  a  series  of 
disaster-recovery  tests  in  the 
coming  months.*! 
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it  The  events  of  Sept.  11 
graphically  demonstrated  the 
interdependence  among 
financial-system  participants, 
wherever  located.  9  9 
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SIMPLE  products  proliferate 

More  instant-messaging  vendors  adopt  emerging  standard. 


Vendor 

Product 

SIMPLE  support 

FaceTime 

IM  Auditor 

Available  since  Oct.  2001 

IBM/Lotus 

Sametime  3 

Available  this  month 

Microsoft 

Windows  Messenger 

Available  since  Sept  2001 

Nortel 

Succession  Communications  Server  for 
Enterprise  Multimedia  Exchange 

Shipping  in  trials 

Sprint 

Enterprise  IM 

Due  Q1  2003 

WiredRed 

e/ pop 

Due  Q2  2003 

SIMPLE 
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when  they  are  available  to  exchange 
instant  messages  and  initiate  real-time  chat 
sessions. 

“The  financial  services  industry  needs  a 
secure,  auditable  [instant-messaging] 
approach,  but  based  on  open  standards  as 
much  as  possible,” says  Mike  Sayers,  CTO  of 
Reuters,  which  announced  last  week  a 
major  instant-messaging  deployment 
based  on  SIMPLE  that  already  has  attracted 
26,000  users  at  Reuters  and  1,100  other 
financial  services  firms. “We  are  offering  a 
hosted  [instant-messaging]  service  that  is 
firewall  friendly  encrypted  and  based  on 
the  SIP  extensions  known  as  SIMPLE.” 

Reuters  isn’t  the  only  financial  services 
firm  supporting  the  lETFs  instant-messag¬ 
ing  efforts.  Seven  U.S.  brokerage  firms  last 
week  announced  a  coalition  called  the 
Financial  Services  Instant  Messaging 
Association  to  push  instant-messaging  ven¬ 
dors  to  support  the  IETF’s  standards. 
Members  of  the  group  include  Deutsche 
Bank,  J.P  Morgan  Chase,  Credit  Suisse  First 
Boston,  Lehman  Brothers,  Merrill  Lynch, 
Morgan  Stanley  and  UBS  Warburg. 

As  the  IETF  wraps  up  its  work  on  SIMPLE, 
more  software  vendors  are  announcing 
plans  to  support  the  protocols.  Earlier  this 
month,  Lotus  began  shipping  a  S1MPLE- 
compliant  instant-messaging  gateway  with 


IM  in  the  workplace 

Companies  using  instant  messag¬ 
ing  for  business  applications: 


SOURCE  OSTERMAN  RESEARCH  SURVEY  OF 
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the  latest  version  of  Sametime,  which  is  the 
most  popular  instant-messaging  software 
among  large  corporations.  SIMPLE  is  avail¬ 
able  in  Microsoft’s  Windows  Messenger, 
which  comes  bundled  in  Windows  XP 
“Instant-messaging  interoperability  has 
been  a  problem  for  the  last  year.  Before 
that,  use  of  [instant  messaging]  in  the 
enterprise  wasn’t  that  prevalent,”  says  Mike 
Osterman,  president  of  Osterman  Re¬ 
search,  which  tracks  corporate  instant-mes¬ 
saging  usage.”  [Completion  of  SIMPLE]  is  a 
big  step  forward,  and  the  implementation 
of  SIMPLE  in  the  new  version  of  Sametime 
is  a  critical  development.  That’s  because 


61%  of  the  companies  that  have  estab¬ 
lished  a  corporate  standard  for  [instant 
messaging]  have  selected  Sametime.” 

The  stepped-up  product  support  for  SIM¬ 
PLE  coincides  with  the  anticipated  publi¬ 
cation  of  three  key  documents  by  the  IETF 
These  documents  include  a  system  archi¬ 
tecture  that  describes  how  instant  mes¬ 
sages  are  carried  via  SIMPLE,  and  two  doc¬ 
uments  that  describe  how  SIMPLE  handles 
presence  information. 

Vendors  are  working  with  these  three  pro¬ 
tocol  documents.  A  dozen  companies 
demonstrated  beta-version  products  that 
support  SIMPLE  at  the  11th  SIP  Interoper¬ 
ability  Test  Event,  which  was  held  earlier 
this  month  in  Atlanta. 

“The  implementations  were  primarily 
presence-enabled  phones  and  applica¬ 
tions  running  in  a  network  that  make  call¬ 
routing  decisions  based  on  people’s  pres¬ 
ence  and  device,”  says  Robert  Sparks,  co¬ 
chair  of  the  IETF’s  SIMPLE  working  group 
and  senior  software  architect  at  Dynamic- 
soft.  “SIMPLE  worked  beautifully.  People 
were  able  to  exchange  instant  messages 
across  devices  and  platforms.” 

With  its  core  documents  finished,  the 
SIMPLE  working  group  is  developing  sever¬ 
al  optimizations  to  improve  scalability  for 
service  providers  rolling  out  large  SIMPLE 
installations.  Other  ongoing  work  includes 
developing  standard  ways  for  handling 
buddy  lists  and  presenting  states  of  pres¬ 
ence.  The  SIMPLE  working  group  will  meet 
next  month  in  Atlanta  to  discuss  these  pro¬ 
tocol  tweaks. 

“I  envision  a  six-month  process”  for  these 
enhancements,  says  Jon  Peterson,  cochair 
of  the  SIMPLE  working  group  and  a  senior 
technical  industry  liaison  for  NeuStar. 

SIMPLE  supporters  say  wireless  service 
providers  are  particularly  interested  in  the 
protocols.  The  Third  Generation  Partner¬ 
ship  Project,  which  is  developing  next-gen¬ 
eration  mobile  systems,  recently  decided 
to  use  SIMPLE  for  its  instant-messaging 
standard. 

“A  lot  of  wireless  carriers  are  asking  for 
presence  support,”  says  Jonathan 
Rosenberg,  chief  scientist  at  Dynamicsoft 
and  author  of  several  documents  pending 
before  the  lETFs  SIMPLE  working  group. 
“Users  want  to  know  if  a  mobile  phone  is 
on  or  available  before  they  make  a  call.” 

Sprint  officials  confirmed  that  they  will 
offer  SIMPLE  support  in  their  Enterprise  IM 


product  by  early  next  year.  Sprint’s  instant¬ 
messaging  offering  unites  secure  instant 
messaging  with  mobile  phone  technology 

“It’s  been  on  our  road  map  to  adopt  SIM¬ 
PLE  as  soon  as  it  is  published,”  says  Ken 
Kurz,  senior  practice  principal  with  the 
Sprint  Mobile  Computing  Services  team. 
“In  the  transportation  vertical,  among 
companies  that  have  a  large  mobile  pop¬ 
ulation,  we’re  seeing  keen  interest  in  SIP 
and  SIMPLE.” 

Currently  Sprint  offers  text  instant  mes¬ 
saging  between  Windows  desktops  and  a 
range  of  mobile  devices.  With  SIP  and  SIM¬ 
PLE,  Sprint  says  it  can  add  features  such  as 
delivering  mobile  users  their  e-mail,  instant 
messages  and  voice  mail  on  whatever 
device  is  handy 

WiredRed,  a  provider  of  secure  instant¬ 
messaging  software  called  e/pop,  says  it 
will  offer  SIMPLE  support  by  the  second 
quarter  of  2003.  Among  WiredRed’s  cus¬ 
tomers  are  the  law  firm  Baker  &  McKenzie, 
Blue  Cross  and  Pfizer. 

“In  most  market  segments,  the  corporate 
buyers  of  [instant-messaging]  systems  are 
looking  to  talk  to  themselves  first  and  then 
to  partners  and  customers,”  says  Allen 
Drennan,  president  and  CEO  of  WiredRed. 
“One  exception  to  that  is  financial  services, 
which  cares  more  about  interoperability 
and  open  standards.” 

One  sign  of  the  financial  services  indus¬ 
try’s  push  toward  instant-messaging  stan¬ 
dardization  is  Reuter’s  announcement  of 
its  hosted  instant-messaging  service,  which 
is  built  around  SIMPLE.  Reuters’  26,000 
users  run  a  variant  of  Microsoft’s  Windows 
Messenger  software  on  their  desktops.  The 
clients  hook  up  to  a  dedicated  server  that 
handles  inbound  and  outgoing  instant¬ 
messaging  traffic,  providing  encryption 
and  an  audit  trail. 

“We  had  a  common  vision  with  Microsoft 
around  the  direction  that  instant  messag¬ 
ing  was  headed,  that  it  would  be  based  on 
SIP  and  the  extensions  known  as  SIMPLE,” 
Reuters  CTO  Sayers  says. 

Initially  Reuters  will  offer  instant  messag¬ 
ing  as  a  hosted  service,  but  the  company 
plans  to  offer  an  enterprise  software  plat¬ 
form  by  2004.  Sayers  says  that  offering  will 
be  based  on  Microsoft’s  Greenwich,  a  real¬ 
time  communications  server  still  under 
development. 

Financial  services  firms 
“want  to  run  their  own 


collaboration  environments,  and  compa¬ 
nies  like  Reuters  will  act  as  agents  for 
gated  communities  across  companies," 
Sayers  says. 

For  no\y  Reuters  offers  its  instant-messag¬ 
ing  service  to  end  users  for  free.  The  com¬ 
pany  says  it  hopes  to  sign  up  175,000  users 
by  year-end  in  what  observers  say  will  be 
one  of  the  largest-ever  deployments  of  SIM¬ 
PLE.  Reuters  also  plans  to  integrate  instant 
messaging  into  its  existing  desktop  services 
that  offer  up-to-the-minute  financial  news. 

The  Reuters  deployment  is  a  “reasonably 
significant  milestone  because  the  real 
focus  of  the  application  is  on  interoper¬ 
ability?’ Osterman  says. 

“From  my  perspective,  the  biggest  single 
piece  of  validation  we  derive  from  the 
Reuters  application  is  that  SIMPLE  can 
meet  the  security  requirements  to  manage 
that  kind  of  data”  the  lETFs  Peterson  says. 

One  company  that  has  backed  off  its 
plans  to  support  SIMPLE  is  AOL,  the  lead¬ 
ing  provider  of  consumer  instant-messag¬ 
ing  services.  AOL  announced  in  the  sum¬ 
mer  of  2001  that  it  would  support  SIMPLE, 
but  it  has  since  changed  directions.  Now 
AOL  says  its  strategy  is  to  sign  licensing 
agreements  that  involve  AOLs  proprietary 
instant-messaging  protocols.  One  licensee 
is  Apple  Computer,  which  offers  support  for 
AOL  Instant  Messenger  in  the  iChat  feature 
of  Mac  OS  10. 

Another  potential  threat  for  SIMPLE  is 

k  k  Instant-messaging 
interoperability  has  been 
a  problem  for  the  last 
year.  If 

Mike  Osterman 

President,  Osterman  Research 

Jabber,  an  open  source  instant-messaging 
protocol  based  on  XML  The  Jabber  com¬ 
munity  has  asked  the  IETF  to  advance  its 
Extensible  Messaging  and  Presence 
Protocol  and  to  publish  it  as  a  standards- 
track  document.  The  IETF  held  a  prelimi¬ 
nary  discussion  on  Jabber  at  its  last  meeting 
in  July  The  IETF  leadership  is  considering 
whether  to  start  a  Jabber  Working  Group. 

Communicator  is  one  instant-messaging 
vendor  that  is  debating  whether  to  support 
Jabber  or  SIMPLE  as  its  instant-messaging 
standard.  Credit  Suisse  First  Boston, 
Goldman  Sachs,  J.PMorgan  Chase, Lehman 
Brothers,  Merrill  Lynch,  Morgan  Stanley, 
Salomon  Smith  Barney  and  UBS  Warburg 
use  Communicator’s  Hub  instant-messag¬ 
ing  product. 

“Were  a  big  believer  in  standards 
because  they  lower  the  barriers  for  our 
customers,”  says  Gary  Reifman,  product 
manager  for  messaging  services  at 
Communicator.  “We’re  evaluating  support 
for  SIMPLE  now  as  well  as  Jabber. ...  We 
want  to  support  the  stan¬ 
dards  that  our  customers 
want.”B 
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BackSpin 

IT  professionals  online:  Anything  goes? 


“In  olden  days,  a  glimpse  of 
stocking  /  Was  looked  on  as 
something  shocking.  /  But  now, 
God  knows,  /  Anything  goes.” 

Lyrics  to  “Anything  Goes”  by  Cole  Porter 

I’m  starting  to  think  that  we’ve  lost  all  sense  of 
perspective  when  it  comes  to  online  marketing, 
selling  and  behavior. 

1  just  read  that  Unilever  has  been  running  a  TV  ad 
on  a  British  Web  site  for  its  Lynx  cologne  that  shows 
women  in  “sexually  suggestive  poses,  juxtaposed 
against  brief  scenes  involving  a  worm,  a  frog  and  an 
old  man  in  bed.”  Apparently  the  ad  is  intended  to  be 
so  weird  yet  so  “arousing”  that  you  hit  rewind  think¬ 
ing  “what  the  heck  was  that  I  just  saw?” 

The  software  used  to  show  the  ad  is  from  Eye- 
Wonder,  whose  CEO  said  in  a  Washington  Post  story: 
“The  Internet  allows  you  to  communicate  more  pre¬ 
cisely  to  a  demographic  you  want  to  reach  without 
having  to  worry  about  Susie,  who  is  6  years  old, see¬ 
ing  it. You  can  appeal  to  John,  who  is  22  . . .  with 
more  creative  license.” 

First  of  all,  it  is  one  thing  to  sell  software  but  quite 
another  to  hype  its  value  as  unlocking  creative 
license  when  all  that  is  really  at  play  is  a  lewd  pitch 
that  gets  by  because  the  Internet  is  not  censored. 

Second,  the  notion  that  the  'Net  lets  you  “communi¬ 


cate  more  precisely  to  a  demographic  you  want  to 
reach”  is  ludicrous.lt  is  this  Alice-in-Wonderland  logic 
that  marketers  hand  out  to  justify  pushing  the  bound¬ 
aries  of  what  is  acceptable  in  a  public  forum. 

The  way  companies  justify  their  behavior  can  be 
intriguing.  For  example,  I  recently  had  an  exchange 
with  a  newsletter  distributor  who  had  sent  me  a 
publication  on  the  say-so  of  a  client  who  provided 
a  list  that  the  client  claimed  was  opt-in. 

Of  course,  the  list  was  no  such  thing,  and  when  I 
suggested  to  the  newsletter  company  that  it  should 
be  using  double  opt-in  subscriptions  rather  than  just 
trusting  clients,  the  CEO  responded:  “Confirmed  opt- 
in  [also  known  as  double-opt  in]  is  certainly  an 
ideal  method  of  building  a  list.  However,  the  market¬ 
place  is  pushing  in  the  opposite  direction.” 

Let  me  translate:“We  know  what  we  should  do,  but 
we’ll  drop  our  standards  if  we  can  see  the  mone/ 

I  realize  that  revenues  are  dropping  so  the  client’s 
needs  must  be  met  to  retain  their  business.  But  fol¬ 
lowing  such  an  acquiescence  comes  further  acqui- 
escences  until  you  have  no  principles  left. 

What  I’m  trying  to  highlight  is  a  mounting  ten¬ 
dency  to  abandon  all  standards  that  might  be  con¬ 
sidered  mature  in  favor  of  business  expediency. 

From  one  viewpoint  this  might  be  perceived  as  an 
evolution.  As  the  ’Net  becomes  less  geek-oriented 
and  more  commercially  driven,  the  need  to  find  and 


establish  the  new  frontiers  of  sales  and  marketing  in 
what  is  an  unstructured,  unregulated  universe  be¬ 
comes  the  primary  driving  force. 

In  many  respects  this  exploration  of  the  limits  of 
what  can  be  done  online  and,  as  a  consequence, 
what  is  acceptable,  is  exactly  what  U.S.  cable  chan¬ 
nels  have  done  with  extreme  programming. 

But  the  ’Net  is  very  different  from  cable  television 
in  that  the  cost  of  experimenting  and  the  cost  of  an 
experiment  failing  are  trivial  in  comparison  with 
creating  and  airing  a  TV  show. 

More  importantly,  even  slightly  successful  online 
experiments  (as  in  the  public  voting  with  its  dollars 
and  clicks)  become  part  of  what  is  considered 
acceptable.  And  if  your  company  operates  in  these 
nether  regions  of  online  marketing  and  selling,  the 
consequences  will  affect  you. 

For  example,  do  you  want  to  be  in  charge  of  mak¬ 
ing  spam  campaigns  happen?  Do  you  want  to  en¬ 
able  dubious  business  practices  and  ethically  ques¬ 
tionable  operations?  These  are  important  questions 
because  you  make  these  activities  possible  and 
they  will,  because  of  your  support,  compromise 
your  ethical  and  moral  position. 

You  need  to  decide:  If  indeed  “anything  goes,”  will 
you  go  first? 

Escape  clauses  to  backspin@gibbs.com. 
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By  Paul  McNamara 


Bullish  on  e-commerce 

America  might  be  at  war  by  then  and  the  economy 
will  still  be  Jell-0,  but  nothing  short  of  Armageddon 
—  or  perhaps  an  elf  strike  —  will  keep  the  holiday 
gift-shopping  season  from  happening  this  year. 

Few  predictions  inspire  such  confidence  among 
experts.  So  we  spoke  recently  to  Joel  Ronning,  CEO 
of  e-commerce  services  provider  Digital  River,  to  get 
an  idea  of  what  the  better  online  storefronts  are  doing  to  get  ready. 

Digital  River  says  it  has  32,000  clients  ranging  from  high-tech  heavyweights  such 
as  Novell,  Symantec  and  Siemens  to  household  names  such  as  Major  League 
Baseball  and  National  Geographic  ...  as  well  as  a  boatload  of  mom  and  pops. 
Ronning  says  about  11,000  software  publishers  generate  75%  of  his  revenue. 

Ronning  insists  business  has  never  been  better  —  the  company  is  profitable  — 
and  that  the  future  couldn’t  look  brighter. 

“While  the  general  business  assumption  is  that  the  Internet  thing  has  gone 
away,  the  reality  is  exactly  the  opposite,”  he  says.  “There  are  more  people  online 
than  there  were  a  year  ago  and  they’re  buying  more  than  they  did  a  year  ago.” 

Other  trends: 

"Year  over  year  we  continue  to  see  more  products  purchased  digitally,"  he  says. 
"People  are  getting  more  comfortable  with  getting  a  digital  file  than  they  were 
one,  two  or  six  years  ago.  That's  good  news  because  it  allows  us  to  deliver  a  prod¬ 
uct  halfway  around  the  world  in  a  matter  of  seconds.” 

E-commerce  sites  are  still  too  complicated,  despite  a  droning  drumbeat  of 
advice  to  cut  it  the  heck  out. 

“They  continue  to  be  developed  by  technical  talent,  [but]  we're  seeing  a  shift  to 
getting  them  done  by  people  who  really  understand  customer  usability,”  Ronning 


says.  "Generally,  when  we  take  over  a  client  site  we  spend  the  first  quarter  just 
getting  it  so  it’s  a  much  friendlier  user  experience." 

What  he  doesn’t  see  are  sites  selling  “bowling  balls  or  dog  food." 

Ask  nothing,  expect  little 

The  thought  was  that  if  I  went  to  hear  the  head  of  the  President's  Critical 
Infrastructure  Protection  Board  explain  its  new  cybersecurity  recommendations 
I  might  acquire  a  bit  of  optimism  about  their  likelihood  for  success. 

I  went.  I  heard.  And  came  away  even  more  convinced  that  this  initiative  is 
doomed  to  accomplish  only  a  fraction  of  the  job. 

Nothing  less  than  the  future  of  our  economy  rests  on  its  success,  we  have  been 
told.  Nothing  short  of  our  physical  security  should  be  considered  a  higher  priority. 

Yet  absolutely  nothing  will  be  asked  —  as  in  demanded  —  of  any  service  provider, 
hardware  vendor,  software  maker,  network  executive  or  taxpayer. 

The  bully  pulpit,  heightened  education  and  a  spirit  of  shared  commitment  will  be 
the  weapons  of  choice. 

"What  we  are  trying  to  avoid  is  a  heavy-handed  federal  mandate,"  Richard 
Clarke  told  a  roomful  of  journalists  last  week. 

Never  mind  heavy-handed.  They  aren't  requiring  anyone  to  lift  a  finger,  which 
assures  that  an  awful  lot  of  those  who  should  be  bending  their  backs  will  simply 
slink  away  instead. 

Clarke  never  came  close  to  reconciling  that  disconnect  between  the  impor¬ 
tance  of  the  mission  and  his  board's  unwillingness  to  make  any  demands  of  any 
one,  which  leave  politics  and  ideology  as  the  only  plausible  explanations. 

"I  find  fascinating  the  comment  that  we're  not  doing  enough,"  Clarke  com 
plained. 

I  was  surprised  he  didn't  wink  when  he  said  it. 

Writing  to  Buzz  is  also  strictly  voluntary.  The  address  is  buzz@nwiv.com 
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(e)  business  is  the  game.  Play  to  win  C 


3]  For  more  Winning  Plays,  visit  ibm.com/e-business 


1  ]  When  the  CEO  wants  it  network-ready,  you  need  to  deliver. 

And  fast.  With  an  end-to-end  open  e-business  infrastructure,  you 
can  respond  instantly,  integrate  smoothly  and  deploy  quickly. 


2]  IBM  is  leading  the  open  charge  across  the  entire  world  of 
infrastructure  -  from  Linux®-enabled  hardware  and  software,  to 
Java™  and  XML-based  Web  solutions,  through  to  IBM  integration 
experts.  Integration.  It’s  how  winners  win. 


OPEN  INFRASTRUCTURE 

INTEGRATION 

PLAY 


NEEDS  IT 
URGENTLY 


We  hear  you.  You  want  more  from  your  technology.  You  want  to  be  as  productive 
as  you  know  you  can  be.  You  want  change.  That’s  why  we  don’t  believe  in  technology 
for  technology  alone.  We  believe  in  technology  for  you.  So  before  we  design  our 
processors  and  memory  chips,  we  think  about  the  way  you  want  to  work  and  the 
tools  that  will  help  you  work  better.  We  believe  in  innovation  you  can  use.  That’s  what 
“AMD  me"  is  all  about.  So  go  ahead  and  say  it — we’re  listening.  Visit  www.amd.com 
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